2 matches found
CVE-2008-1618
CVE-2008-1618 : Watchguard Firebox PPTP VPN (pre-10) may leak valid usernames during MS-CHAPv2 authentication due to distinct error codes for valid vs invalid usernames. The documented behavior enables an attacker to enumerate valid usernames, facilitating targeted password guessing and potential...
CVE-2008-1618
The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames...