CVE Vulnerabilities

CVE-2000-1037

Published: Dec 11, 2000 | Modified: Sep 05, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.

Affected Software

Name Vendor Start Version End Version
Firewall-1 Checkpoint 3.0 3.0
Firewall-1 Checkpoint 4.0 4.0
Firewall-1 Checkpoint 4.1 4.1

References