← back
CVE-2005-2640

CVE-2005-2640

EPSS 7.1%
Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/26168unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=112438068426034&w=2http://secunia.com/advisories/16474/http://securitytracker.com/id?1014728http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htmhttp://www.securityfocus.com/bid/14595