| Product | Watchguard Firebox |
| Severity | Medium |
| CVE Reference | CVE-2008-1618 |
| Type | Watchguard Firebox PPTP VPN User Enumeration Vulnerability |
An advisory has been published today by MWR InfoSecurity relating to a user enumeration vulnerability present in Watchguard Firebox software prior to Version 10. The vendor has released a patch to address the issue which may be downloaded from https://www.watchguard.com/archive/softwarecenter.asp.
The impact of this vulnerability is that password guessing attacks can be performed much more efficiently by conducting them only against those usernames known to be valid. Additionally, these usernames may be valid on other systems and may also aid social engineering attacks.