The PPTP VPN service in Watchguard Firebox prior to 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote malicious users to enumerate valid usernames.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
watchguard firebox pptp vpn 4.9 |
||
watchguard firebox pptp vpn 5.0 |