CVE-2005-2640

Severity

50%

Complexity

99%

Confidentiality

48%

Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.

Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

Juniper

First reported 19 years ago

2005-08-23 04:00:00

Last updated 8 years ago

2016-10-18 03:29:00

Affected Software

Juniper NetScreen ScreenOS 1.64

1.64

Juniper NetScreen ScreenOS 1.66

1.66

Juniper NetScreen ScreenOS 2.1

2.1

Juniper NetScreen ScreenOS 2.5

2.5

Juniper NetScreen ScreenOS 2.5 r1

2.5r1

Juniper NetScreen ScreenOS 2.5 r2

2.5r2

Juniper NetScreen ScreenOS 2.5 r6

2.5r6

Juniper NetScreen ScreenOS 2.6.0

2.6.0

Juniper NetScreen ScreenOS 2.6.1

2.6.1

Juniper NetScreen ScreenOS 2.6.1 r1

2.6.1r1

Juniper NetScreen ScreenOS 2.6.1 r2

2.6.1r2

Juniper NetScreen ScreenOS 2.6.1 r3

2.6.1r3

Juniper NetScreen ScreenOS 2.6.1 r4

2.6.1r4

Juniper NetScreen ScreenOS 2.6.1 r5

2.6.1r5

Juniper NetScreen ScreenOS 2.6.1 r6

2.6.1r6

Juniper NetScreen ScreenOS 2.6.1 r7

2.6.1r7

Juniper NetScreen ScreenOS 2.6.1 r8

2.6.1r8

Juniper NetScreen ScreenOS 2.6.1 r9

2.6.1r9

Juniper NetScreen ScreenOS 2.6.1 r10

2.6.1r10

Juniper NetScreen ScreenOS 2.6.1 r11

2.6.1r11

Juniper NetScreen ScreenOS 2.6.1 r12

2.6.1r12

Juniper NetScreen ScreenOS 2.7.1

2.7.1

Juniper NetScreen ScreenOS 2.7.1 r1

2.7.1r1

Juniper NetScreen ScreenOS 2.7.1 r2

2.7.1r2

Juniper NetScreen ScreenOS 2.7.1 r3

2.7.1r3

Juniper NetScreen ScreenOS 2.8

2.8

Juniper ScreenOS 3.0.0

3.0.0

Juniper ScreenOS 3.0.0 r1

3.0.0r1

Juniper ScreenOS 3.0.0 r2

3.0.0r2

Juniper ScreenOS 3.0.0 r3

3.0.0r3

Juniper ScreenOS 3.0.0 r4

3.0.0r4

Juniper NetScreen ScreenOS 3.0.1

3.0.1

Juniper NetScreen ScreenOS 3.0.1 r1

3.0.1r1

Juniper NetScreen ScreenOS 3.0.1 r2

3.0.1r2

Juniper NetScreen ScreenOS 3.0.1 r3

3.0.1r3

Juniper NetScreen ScreenOS 3.0.1 r4

3.0.1r4

Juniper NetScreen ScreenOS 3.0.1 r5

3.0.1r5

Juniper NetScreen ScreenOS 3.0.1 r6

3.0.1r6

Juniper NetScreen ScreenOS 3.0.1 r7

3.0.1r7

Juniper NetScreen ScreenOS 3.0.2

3.0.2

Juniper NetScreen ScreenOS 3.0.3

3.0.3

Juniper NetScreen ScreenOS 3.0.3 r1

3.0.3r1

Juniper NetScreen ScreenOS 3.0.3 r2

3.0.3r2

Juniper NetScreen ScreenOS 3.0.3 r3

3.0.3r3

Juniper NetScreen ScreenOS 3.0.3 r4

3.0.3r4

Juniper NetScreen ScreenOS 3.0.3 r5

3.0.3r5

Juniper NetScreen ScreenOS 3.0.3 r6

3.0.3r6

Juniper NetScreen ScreenOS 3.0.3 r7

3.0.3r7

Juniper NetScreen ScreenOS 3.0.3 r8

3.0.3r8

Juniper NetScreen ScreenOS 3.1

3.1.0

Juniper NetScreen ScreenOS 3.1 r1

3.1.0r1

Juniper NetScreen ScreenOS 3.1 r2

3.1.0r2

Juniper NetScreen ScreenOS 3.1 r3

3.1.0r3

Juniper NetScreen ScreenOS 3.1 r4

3.1.0r4

Juniper NetScreen ScreenOS 3.1 r5

3.1.0r5

Juniper NetScreen ScreenOS 3.1 r6

3.1.0r6

Juniper NetScreen ScreenOS 3.1 r7

3.1.0r7

Juniper NetScreen ScreenOS 3.1 r8

3.1.0r8

Juniper NetScreen ScreenOS 3.1 r9

3.1.0r9

Juniper NetScreen ScreenOS 3.1 r10

3.1.0r10

Juniper NetScreen ScreenOS 3.1 r11

3.1.0r11

Juniper NetScreen ScreenOS 3.1 r12

3.1.0r12

Juniper NetScreen ScreenOS 4.0

4.0.0

Juniper NetScreen ScreenOS 4.0 r1

4.0.0r1

Juniper NetScreen ScreenOS 4.0 r2

4.0.0r2

Juniper NetScreen ScreenOS 4.0 r3

4.0.0r3

Juniper NetScreen ScreenOS 4.0 r4

4.0.0r4

Juniper NetScreen ScreenOS 4.0 r5

4.0.0r5

Juniper ScreenOS 4.0.0 r6

4.0.0r6

Juniper NetScreen ScreenOS 4.0 r7

4.0.0r7

Juniper NetScreen ScreenOS 4.0 r8

4.0.0r8

Juniper NetScreen ScreenOS 4.0 r9

4.0.0r9

Juniper NetScreen ScreenOS 4.0 r10

4.0.0r10

Juniper NetScreen ScreenOS 4.0 r11

4.0.0r11

Juniper NetScreen ScreenOS 4.0 r12

4.0.0r12

Juniper NetScreen ScreenOS 4.0.1

4.0.1

Juniper NetScreen ScreenOS 4.0.1 r1

4.0.1r1

Juniper NetScreen ScreenOS 4.0.1 r2

4.0.1r2

Juniper NetScreen ScreenOS 4.0.1 r3

4.0.1r3

Juniper NetScreen ScreenOS 4.0.1 r4

4.0.1r4

Juniper NetScreen ScreenOS 4.0.1 r5

4.0.1r5

Juniper NetScreen ScreenOS 4.0.1 r6

4.0.1r6

Juniper NetScreen ScreenOS 4.0.1 r7

4.0.1r7

Juniper NetScreen ScreenOS 4.0.1 r8

4.0.1r8

Juniper NetScreen ScreenOS 4.0.1 r9

4.0.1r9

Juniper NetScreen ScreenOS 4.0.1 r10

4.0.1r10

Juniper NetScreen ScreenOS 4.0.2

4.0.2

Juniper NetScreen ScreenOS 4.0.3

4.0.3

Juniper NetScreen ScreenOS 4.0.3 r1

4.0.3r1

Juniper NetScreen ScreenOS 4.0.3 r2

4.0.3r2

Juniper NetScreen ScreenOS 4.0.3 r3

4.0.3r3

Juniper NetScreen ScreenOS 4.0.3 r4

4.0.3r4

Juniper NetScreen ScreenOS 5.0

5.0.0

Juniper ScreenOS 5.1

5.1.0

Juniper ScreenOS 5.1.0 r3a

5.1.0r3a

Juniper ScreenOS 5.2

5.2.0

Juniper NetScreen-5GT 5.0

5.0

Juniper NetScreen-IDP 10 3.0

3.0

Juniper NetScreen-IDP 10 3.0 r1

3.0r1

Juniper NetScreen-IDP 10 3.0 r2

3.0r2

References

20050818 Juniper Netscreen VPN Username Enumeration Vulnerability

16474

Vendor Advisory

1014728

http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htm

Exploit, Vendor Advisory

14595

Exploit

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.