The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2008-04-07T18:00:00
Updated: 2017-08-07T12:57:01
Reserved: 2008-04-02T00:00:00
Link: CVE-2008-1618
JSON object: View
NVD Information
Status : Modified
Published: 2008-04-07T18:44:00.000
Modified: 2017-08-08T01:30:17.947
Link: CVE-2008-1618
JSON object: View
Redhat Information
No data.
CWE