Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2640

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2640
Last Modified 05 Sep 2008 04:52:17
Published 23 Aug 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2640

Summary

Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.

Vulnerable Systems

Operating System

  • Juniper Netscreen Screenos 1.64

  • Juniper Netscreen Screenos 1.66

  • Juniper Netscreen Screenos 1.66 R2

  • Juniper Netscreen Screenos 1.7

  • Juniper Netscreen Screenos 1.73 R1

  • Juniper Netscreen Screenos 1.73 R2

  • Juniper Netscreen Screenos 2.0.1 R8

  • Juniper Netscreen Screenos 2.1

  • Juniper Netscreen Screenos 2.1 R6

  • Juniper Netscreen Screenos 2.1 R7

  • Juniper Netscreen Screenos 2.10 R3

  • Juniper Netscreen Screenos 2.10 R4

  • Juniper Netscreen Screenos 2.5

  • Juniper Netscreen Screenos 2.5r1

  • Juniper Netscreen Screenos 2.5r2

  • Juniper Netscreen Screenos 2.5r6

  • Juniper Netscreen Screenos 2.6.0

  • Juniper Netscreen Screenos 2.6.1

  • Juniper Netscreen Screenos 2.6.1r1

  • Juniper Netscreen Screenos 2.6.1r10

  • Juniper Netscreen Screenos 2.6.1r11

  • Juniper Netscreen Screenos 2.6.1r12

  • Juniper Netscreen Screenos 2.6.1r2

  • Juniper Netscreen Screenos 2.6.1r3

  • Juniper Netscreen Screenos 2.6.1r4

  • Juniper Netscreen Screenos 2.6.1r5

  • Juniper Netscreen Screenos 2.6.1r6

  • Juniper Netscreen Screenos 2.6.1r7

  • Juniper Netscreen Screenos 2.6.1r8

  • Juniper Netscreen Screenos 2.6.1r9

  • Juniper Netscreen Screenos 2.7.1

  • Juniper Netscreen Screenos 2.7.1r1

  • Juniper Netscreen Screenos 2.7.1r2

  • Juniper Netscreen Screenos 2.7.1r3

  • Juniper Netscreen Screenos 2.8

  • Juniper Netscreen Screenos 2.8 R1

  • Juniper Netscreen Screenos 3.0.0

  • Juniper Netscreen Screenos 3.0.0r1

  • Juniper Netscreen Screenos 3.0.0r2

  • Juniper Netscreen Screenos 3.0.0r3

  • Juniper Netscreen Screenos 3.0.0r4

  • Juniper Netscreen Screenos 3.0.1

  • Juniper Netscreen Screenos 3.0.1r1

  • Juniper Netscreen Screenos 3.0.1r2

  • Juniper Netscreen Screenos 3.0.1r3

  • Juniper Netscreen Screenos 3.0.1r4

  • Juniper Netscreen Screenos 3.0.1r5

  • Juniper Netscreen Screenos 3.0.1r6

  • Juniper Netscreen Screenos 3.0.1r7

  • Juniper Netscreen Screenos 3.0.2

  • Juniper Netscreen Screenos 3.0.3

  • Juniper Netscreen Screenos 3.0.3 R1.1

  • Juniper Netscreen Screenos 3.0.3r1

  • Juniper Netscreen Screenos 3.0.3r2

  • Juniper Netscreen Screenos 3.0.3r3

  • Juniper Netscreen Screenos 3.0.3r4

  • Juniper Netscreen Screenos 3.0.3r5

  • Juniper Netscreen Screenos 3.0.3r6

  • Juniper Netscreen Screenos 3.0.3r7

  • Juniper Netscreen Screenos 3.0.3r8

  • Juniper Netscreen Screenos 3.1.0

  • Juniper Netscreen Screenos 3.1.0r1

  • Juniper Netscreen Screenos 3.1.0r10

  • Juniper Netscreen Screenos 3.1.0r11

  • Juniper Netscreen Screenos 3.1.0r12

  • Juniper Netscreen Screenos 3.1.0r2

  • Juniper Netscreen Screenos 3.1.0r3

  • Juniper Netscreen Screenos 3.1.0r4

  • Juniper Netscreen Screenos 3.1.0r5

  • Juniper Netscreen Screenos 3.1.0r6

  • Juniper Netscreen Screenos 3.1.0r7

  • Juniper Netscreen Screenos 3.1.0r8

  • Juniper Netscreen Screenos 3.1.0r9

  • Juniper Netscreen Screenos 3.1.1 R2

  • Juniper Netscreen Screenos 4.0.0

  • Juniper Netscreen Screenos 4.0.0r1

  • Juniper Netscreen Screenos 4.0.0r10

  • Juniper Netscreen Screenos 4.0.0r11

  • Juniper Netscreen Screenos 4.0.0r12

  • Juniper Netscreen Screenos 4.0.0r2

  • Juniper Netscreen Screenos 4.0.0r3

  • Juniper Netscreen Screenos 4.0.0r4

  • Juniper Netscreen Screenos 4.0.0r5

  • Juniper Netscreen Screenos 4.0.0r6

  • Juniper Netscreen Screenos 4.0.0r7

  • Juniper Netscreen Screenos 4.0.0r8

  • Juniper Netscreen Screenos 4.0.0r9

  • Juniper Netscreen Screenos 4.0.1

  • Juniper Netscreen Screenos 4.0.1r1

  • Juniper Netscreen Screenos 4.0.1r10

  • Juniper Netscreen Screenos 4.0.1r2

  • Juniper Netscreen Screenos 4.0.1r3

  • Juniper Netscreen Screenos 4.0.1r4

  • Juniper Netscreen Screenos 4.0.1r5

  • Juniper Netscreen Screenos 4.0.1r6

  • Juniper Netscreen Screenos 4.0.1r7

  • Juniper Netscreen Screenos 4.0.1r8

  • Juniper Netscreen Screenos 4.0.1r9

  • Juniper Netscreen Screenos 4.0.2

  • Juniper Netscreen Screenos 4.0.3

  • Juniper Netscreen Screenos 4.0.3r1

  • Juniper Netscreen Screenos 4.0.3r2

  • Juniper Netscreen Screenos 4.0.3r3

  • Juniper Netscreen Screenos 4.0.3r4

  • Juniper Netscreen Screenos 5.0.0

  • Juniper Netscreen Screenos 5.1.0

  • Juniper Netscreen Screenos 5.1.0r3a

  • Juniper Netscreen Screenos 5.2.0

  • Netscreen Ns-10

  • Netscreen Ns-100 3.0 .pe1.0

  • Netscreen Ns-204 0110.0 11 4.0 R10.0

  • Netscreen Ns-204 0110.0 11 5.1.0 R3a

  • Netscreen Ns-204 5.0.0 R6.0

  • Netscreen Ns-500 4110.0 11 4.0 R10.0

  • Netscreen Ns-500 4110.0 11 5.1.0 R3a

  • Netscreen Ns-50ns25 5.0.0 R6.0

Application

  • Neoteris Instant Virtual Extranet 3.0

  • Neoteris Instant Virtual Extranet 3.1

  • Neoteris Instant Virtual Extranet 3.2

  • Neoteris Instant Virtual Extranet 3.3

  • Neoteris Instant Virtual Extranet 3.3.1


References

BID - 14595

MISC - http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htm

SECTRACK - 1014728

SECUNIA - 16474

BUGTRAQ - 20050818 Juniper Netscreen VPN Username Enumeration Vulnerability


Last Updated: 27 May 2016 10:40:34