Watchguard Firebox User Enumeration Vulnerability

  • Published: 4 Apr 2008
  • Type: Watchguard Firebox PPTP VPN User Enumeration Vulnerability
  • Severity: Medium

Affected Products

Watchguard Firebox

CVE

CVE-2008-1618

Download the advisory here

An advisory has been published today by MWR InfoSecurity relating to a user enumeration vulnerability present in Watchguard Firebox software prior to Version 10. The vendor has released a patch to address the issue which may be downloaded from https://www.watchguard.com/archive/softwarecenter.asp

The impact of this vulnerability is that password guessing attacks can be performed much more efficiently by conducting them only against those usernames known to be valid. Additionally, these usernames may be valid on other systems and may also aid social engineering attacks.