PT-2007-1679 · F5 · F5 Firepass

Published

2007-01-11

Updated

2008-09-05

CVE-2007-0195

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions F5 FirePass versions 5.4 through 5.5.1 F5 FirePass version 6.0

Description The issue allows remote attackers to determine the validity of an LDAP account by analyzing different error messages displayed for failed login attempts with valid and invalid usernames.

Recommendations For F5 FirePass versions 5.4 through 5.5.1, consider modifying the error message handling in my.activation.php3 to prevent disclosure of username validity. For F5 FirePass version 6.0, consider modifying the error message handling in my.activation.php3 to prevent disclosure of username validity. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0195

Affected Products

F5 Firepass

PT-2007-1679 · F5 · F5 Firepass

CVE-2007-0195

Related Identifiers

Affected Products

References · 7