WatchGuard Fireware User Enumeration Vulnerability

WatchGuard Fireware is a firewall appliance from WatchGuard USA that provides intrusion protection, spam filtering, SSL VPN and more with intelligent layering technology. A user enumeration vulnerability exists in WatchGuard Fireware v11.12.1 and earlier versions. An attacker can exploit this...

CVE-2017-8055

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier returns different responses for valid and invalid usernames. An attacker could exploit this...

CVE-2017-8055

WatchGuard Fireware contains a user enumeration flaw in the Firebox XML-RPC login handler. A login request with a blank password to the XML-RPC agent in Fireware v11.12.1 and earlier yields different responses for valid versus invalid usernames, enabling an attacker to enumerate valid usernames o...

Watchguard Firebox / XTM XXE Injection

Watchguardas Firebox and XTM are a series of enterprise grade network security appliances providing advanced security services like next generation firewall, intrusion prevention, malware detection and blockage and others. Two vulnerabilities were discovered affecting the XML-RPC interface of the...

Watchguard Firebox / XTM XXE Injection Vulnerability

Watchguard's Firebox and XTM appliances suffer from XML external entity injection and XML-RPC user enumeration vulnerabilities. Watchguardas Firebox and XTM are a series of enterprise grade network security appliances providing advanced security services like next generation firewall, intrusion...

WatchGuard Firebox Certificate Detection

Binary data 700049.prm...

WatchGuard Firebox Appliance Detection (HTTP)

HTTP based detection of WatchGuard Firebox appliances. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[NEWS] Watchguard Firebox PPTP VPN User Enumeration Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Watchguard Firebox user enumeration

Error code is different for invalid username and password for PPTP MS-CHAPv2 authentication...

CVE-2008-1618

The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames...

Authentication flaw

The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames...

CVE-2008-1618

CVE-2008-1618 : Watchguard Firebox PPTP VPN (pre-10) may leak valid usernames during MS-CHAPv2 authentication due to distinct error codes for valid vs invalid usernames. The documented behavior enables an attacker to enumerate valid usernames, facilitating targeted password guessing and potential...

CVE-2002-1520

The CVE concerns the CLI interface of WatchGuard Firebox Vclass (versions 3.2 and earlier) and RSSA Appliance 3.0.2. The underlying issue is that the SSH connection is not properly closed when the -N option is used during authentication, which can allow remote attackers to access the CLI with adm...

CVE-2002-1520

The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges...

CVE-2002-1519

The CVE-2002-1519 entry describes a format-string vulnerability in the CLI interface of WatchGuard Firebox Vclass (3.2 and earlier) and RSSA Appliance 3.0.2. The issue arises from format string specifiers in the password parameter, allowing remote attackers to trigger denial of service and potent...

CVE-2002-1519

Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter...

Linux 2.0 remote info leak from too big icmp citation

---------------------------------------------------------------------- Cartel Sйcuritй --- Security Advisory Advisory Number: CARTSA-20030314 Subject: Linux 2.0 remote info leak from too big icmp citation Author: Philippe Biondi [email protected] Discovered: March 14, 2003 Published: June...

CVE-2002-1519

Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter...

CVE-2002-1520

The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges...

CVE-2002-1046

The CVE-2002-1046 entry describes a Denial of Service against Watchguard Firebox firmware 5.x.x via the Dynamic VPN Configuration Protocol (DVCP). A remote attacker can crash the device by sending a malformed packet containing tab characters to TCP port 4110. No root cause, affected versions beyo...