QwikSec

Security Database

CVE

CWE

Training

CVE-2008-1618

Published: Apr 7, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.mwrinfosecurity.com/publications/mwri_watchguard-firebox-pptp-vpn-user-enumeration-advisory_2008-04-04.pdf

x_refsource_MISC

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_BID

firebox-pptpvpn-mschapv2-info-disclosure(41683)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.