Watchguard Firebox User Enumeration Vulnerability
- Published: 4 Apr 2008
Watchguard Firebox User Enumeration Vulnerability
CVE-2008-1618
Share
Type
- Watchguard Firebox PPTP VPN User Enumeration Vulnerability
Severity
- Medium
Affected products
- Watchguard Firebox
Date
- 2008-04-04
CVE Reference
- CVE-2008-1618
An advisory has been published today by MWR InfoSecurity relating to a user enumeration vulnerability present in Watchguard Firebox software prior to Version 10. The vendor has released a patch to address the issue which may be downloaded from https://www.watchguard.com/archive/softwarecenter.asp
The impact of this vulnerability is that password guessing attacks can be performed much more efficiently by conducting them only against those usernames known to be valid. Additionally, these usernames may be valid on other systems and may also aid social engineering attacks.