CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0CVE-2004-2621
https://notcve.org/view.php?id=CVE-2004-2621
31 Dec 2004 — Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack. • http://secunia.com/advisories/12881 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0CVE-2004-1105
https://notcve.org/view.php?id=CVE-2004-1105
01 Dec 2004 — Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information. Nortel Networks Contivity VPN Client muestra un mensaje de error dependiendo de si el nombre de usuario es válido o no, lo que podría permitir a atacantes remotos obtener información sensible. • http://archives.neohapsis.com/archives/fulldisclosure/2004-11/0291.html •