Vulnerability Details CVE-2008-1618
The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/29708
- http://www.mwrinfosecurity.com/publications/mwri_watchguard-firebox-pptp-vpn-user-enumeration-advisory_2008-04-04.pdf
- http://www.osvdb.org/44218
- http://www.securityfocus.com/bid/28619
- http://www.securitytracker.com/id?1019796
- http://www.vupen.com/english/advisories/2008/1152/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41683
- http://secunia.com/advisories/29708
- http://www.mwrinfosecurity.com/publications/mwri_watchguard-firebox-pptp-vpn-user-enumeration-advisory_2008-04-04.pdf
- http://www.osvdb.org/44218
- http://www.securityfocus.com/bid/28619
- http://www.securitytracker.com/id?1019796
- http://www.vupen.com/english/advisories/2008/1152/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41683
Products affected by CVE-2008-1618
-
cpe:2.3:a:watchguard:firebox_pptp_vpn:4.9
-
cpe:2.3:a:watchguard:firebox_pptp_vpn:5.0