Title: Check Point VPN-1 SecuRemote Username Acknowledgement Vulnerability
Severity: MODERATE
Description:
VPN-1 is a popular secure remote access software package, distributed and maintained by Check Point.
A problem with the software package has been discovered that could allow a remote user to gain access to a valid user account. The problem is in the yielding of unnecessary username information.
Upon connecting to a VPN-1 implementation to attain secure access to a remote site, and cryptographic tunnel is established between VPN-1 and the user via the Check Point SecuRemote software implementation. This is intended to keep all information traversing the network between the user and VPN-1 private.
Usernames are leaked through the error messages produced by VPN-1. A user attempting to connect to the VPN-1 system via SecuRemote with a valid username and incorrect password will receive an error message stating that access is denied. However, a user attempting to connect with an invalid username will receive an error message stating the username is unknown.
This problem makes it possible for a remote attacker to launch a brute force attack against the server to gain a valid username and password, with a higher degree of success. This vulnerability affects Windows NT and 2000 implementations.
Affected Products:
- Check Point Software VPN-1 4.1.0 SP4
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
