CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 1CVE-2008-1618
https://notcve.org/view.php?id=CVE-2008-1618
The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames. El servicio PPTP VPN en Watchguard Firebox versiones anteriores a 10, al realizar la negociación de autenticación MS-CHAPv2, genera diferentes códigos de error dependiendo de si el nombre de usuario es válido o no válido, lo que permite a los atacantes remotos enumerar nombres de usuario comprobados. • http://secunia.com/advisories/29708 http://www.mwrinfosecurity.com/publications/mwri_watchguard-firebox-pptp-vpn-user-enumeration-advisory_2008-04-04.pdf http://www.osvdb.org/44218 http://www.securityfocus.com/bid/28619 http://www.securitytracker.com/id?1019796 http://www.vupen.com/english/advisories/2008/1152/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41683 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 1CVE-2002-1046
https://notcve.org/view.php?id=CVE-2002-1046
Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service (crash) via a malformed packet containing tab characters to TCP port 4110. • http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0012.html http://www.iss.net/security_center/static/9509.php http://www.securityfocus.com/bid/5186 •