CVE-2007-0195

Name of the Vulnerable Software and Affected Versions F5 FirePass versions 5.4 through 5.5.1 F5 FirePass version 6.0

Description The issue allows remote attackers to determine the validity of an LDAP account by analyzing different error messages displayed for failed login attempts with valid and invalid usernames.

Recommendations For F5 FirePass versions 5.4 through 5.5.1, consider modifying the error message handling in my.activation.php3 to prevent disclosure of username validity. For F5 FirePass version 6.0, consider modifying the error message handling in my.activation.php3 to prevent disclosure of username validity. At the moment, there is no information about a newer version that contains a fix for this vulnerability.