Watchguard Firebox User Enumeration Vulnerability

Product Watchguard Firebox
Severity Medium
CVE Reference CVE-2008-1618
Type Watchguard Firebox PPTP VPN User Enumeration Vulnerability

An advisory has been published today by MWR InfoSecurity relating to a user enumeration vulnerability present in Watchguard Firebox software prior to Version 10. The vendor has released a patch to address the issue which may be downloaded from https://www.watchguard.com/archive/softwarecenter.asp.

The impact of this vulnerability is that password guessing attacks can be performed much more efficiently by conducting them only against those usernames known to be valid. Additionally, these usernames may be valid on other systems and may also aid social engineering attacks.