CVE-2005-2640

Summary

Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.

Impact & exploitability

AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected products we track (1)

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

• NVD record
• http://secunia.com/advisories/16474/Advisory
• http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htmAdvisory
• http://marc.info/?l=bugtraq&m=112438068426034&w=2
• http://securitytracker.com/id?1014728
• http://www.securityfocus.com/bid/14595Exploit