1 results (0.003 seconds)

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 1

The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames. El servicio PPTP VPN en Watchguard Firebox versiones anteriores a 10, al realizar la negociación de autenticación MS-CHAPv2, genera diferentes códigos de error dependiendo de si el nombre de usuario es válido o no válido, lo que permite a los atacantes remotos enumerar nombres de usuario comprobados. • http://secunia.com/advisories/29708 http://www.mwrinfosecurity.com/publications/mwri_watchguard-firebox-pptp-vpn-user-enumeration-advisory_2008-04-04.pdf http://www.osvdb.org/44218 http://www.securityfocus.com/bid/28619 http://www.securitytracker.com/id?1019796 http://www.vupen.com/english/advisories/2008/1152/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41683 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •