PT-2000-1947 · Check Point · Check Point Firewall-1

Published 2000-12-11 · Updated 2008-09-05 · CVE-2000-1037

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Check Point Firewall-1 session agent versions 3.0 through 4.1

Description: The issue allows remote attackers to determine valid usernames and guess a password via a brute force attack, due to different error messages being generated for invalid user names versus invalid passwords.

Recommendations: For versions 3.0 through 4.1, consider modifying the error message handling to prevent disclosure of valid usernames, and implement additional security measures such as account lockout policies or rate limiting to mitigate the risk of brute force attacks.

Related identifiers: CVE-2000-1037

Affected products: Check Point Firewall-1