Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firewall-1 | Checkpoint | 3.0 | 3.0 |
Firewall-1 | Checkpoint | 4.1 | 4.1 |
Firewall-1 | Checkpoint | 4.0 | 4.0 |