Vulnerabilities > CVE-2005-2640

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
neoteris
juniper
netscreen
exploit available
NVD
Published: 2005-08-23
Updated: 2016-10-18

Summary

Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.

Vulnerable Configurations

Part Description Count
Application
Neoteris
5
OS
Juniper
109
OS
Netscreen
8
Hardware
Juniper
8
Hardware
Netscreen
3

Exploit-Db

descriptionJuniper Netscreen 5.0 VPN Username Enumeration Vulnerability. CVE-2005-2640. Remote exploit for hardware platform
idEDB-ID:26168
last seen2016-02-03
modified2005-08-18
published2005-08-18
reporterRoy Hills
sourcehttps://www.exploit-db.com/download/26168/
titleJuniper Netscreen 5.0 VPN Username Enumeration Vulnerability

References