Vulnerability: User Enumeration and Brute Force Attack in Check Point Firewall-1 Session Agent

Vulnerability: User Enumeration and Brute Force Attack in Check Point Firewall-1 Session Agent

CVE-2000-1037 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.

Learn more about our User Device Pen Test.