Watchguard Firebox User Enumeration Vulnerability

CVE-2008-1618

    Type

  • Watchguard Firebox PPTP VPN User Enumeration Vulnerability

    • Severity

  • Medium

    • Affected products

  • Watchguard Firebox

    • Date

  • 2008-04-04

    • CVE Reference

  • CVE-2008-1618
Read more

An advisory has been published today by MWR InfoSecurity relating to a user enumeration vulnerability present in Watchguard Firebox software prior to Version 10. The vendor has released a patch to address the issue which may be downloaded from  https://www.watchguard.com/archive/softwarecenter.asp

The impact of this vulnerability is that password guessing attacks can be performed much more efficiently by conducting them only against those usernames known to be valid. Additionally, these usernames may be valid on other systems and may also aid social engineering attacks.