Vulnerabilities > CVE-2005-2640
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.
Vulnerable Configurations
Exploit-Db
| description | Juniper Netscreen 5.0 VPN Username Enumeration Vulnerability. CVE-2005-2640. Remote exploit for hardware platform |
| id | EDB-ID:26168 |
| last seen | 2016-02-03 |
| modified | 2005-08-18 |
| published | 2005-08-18 |
| reporter | Roy Hills |
| source | https://www.exploit-db.com/download/26168/ |
| title | Juniper Netscreen 5.0 VPN Username Enumeration Vulnerability |
References
- http://marc.info/?l=bugtraq&m=112438068426034&w=2
- http://marc.info/?l=bugtraq&m=112438068426034&w=2
- http://secunia.com/advisories/16474/
- http://secunia.com/advisories/16474/
- http://securitytracker.com/id?1014728
- http://securitytracker.com/id?1014728
- http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htm
- http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htm
- http://www.securityfocus.com/bid/14595
- http://www.securityfocus.com/bid/14595