ID

VAR-200012-0093


CVE

CVE-2000-1032


TITLE

Check Point Firewall Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200012-053

DESCRIPTION

The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall. Checkpoint Firewall-1 is a popular firewall package available from Checkpoint Software Technologies. Upon connecting to the firewall, the attacker enters a username and password. If the username and password are invalid, the firewall will respond with "<username> not found". If the username is valid, and the password is invalid, the firewall will respond with "Access denied by Firewall-1 authentication". Upon successfully determining a valid username, a remote attacker could then attempt a brute force or password grinding attack to determine the password for the valid username. If successful, an attacker could then gain access to the firewall based on that user's privileges

Trust: 1.26

sources: NVD: CVE-2000-1032 // BID: 1890 // VULHUB: VHN-2602

AFFECTED PRODUCTS

vendor:checkpointmodel:firewall-1scope:eqversion:4.0

Trust: 1.6

vendor:checkpointmodel:firewall-1scope:eqversion:3.0

Trust: 1.6

vendor:checkmodel:point software firewall-1scope:eqversion:4.0

Trust: 0.3

vendor:checkmodel:point software firewall-1scope:eqversion:3.0

Trust: 0.3

sources: BID: 1890 // CNNVD: CNNVD-200012-053 // NVD: CVE-2000-1032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-1032
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200012-053
value: MEDIUM

Trust: 0.6

VULHUB: VHN-2602
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2000-1032
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-2602
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-2602 // CNNVD: CNNVD-200012-053 // NVD: CVE-2000-1032

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-1032

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200012-053

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200012-053

EXTERNAL IDS

db:BIDid:1890

Trust: 2.0

db:NVDid:CVE-2000-1032

Trust: 1.7

db:OSVDBid:1632

Trust: 1.7

db:CNNVDid:CNNVD-200012-053

Trust: 0.7

db:XFid:5816

Trust: 0.6

db:XFid:1

Trust: 0.6

db:BUGTRAQid:20001101 RE: SAMBA 2.0.7 SWAT VULNERABILITIES

Trust: 0.6

db:VULHUBid:VHN-2602

Trust: 0.1

sources: VULHUB: VHN-2602 // BID: 1890 // CNNVD: CNNVD-200012-053 // NVD: CVE-2000-1032

REFERENCES

url:http://www.securityfocus.com/bid/1890

Trust: 1.7

url:http://www.securityfocus.com/archive/1/142808

Trust: 1.7

url:http://www.osvdb.org/1632

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/5816

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/5816

Trust: 0.6

sources: VULHUB: VHN-2602 // CNNVD: CNNVD-200012-053 // NVD: CVE-2000-1032

CREDITS

This vulnerability was first reported to Bugtraq by Ryan Gray <ryan@sniper.org> on November 1, 2000.

Trust: 0.3

sources: BID: 1890

SOURCES

db:VULHUBid:VHN-2602
db:BIDid:1890
db:CNNVDid:CNNVD-200012-053
db:NVDid:CVE-2000-1032

LAST UPDATE DATE

2024-08-14T13:07:31.989000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-2602date:2017-10-10T00:00:00
db:BIDid:1890date:2000-11-01T00:00:00
db:CNNVDid:CNNVD-200012-053date:2005-05-02T00:00:00
db:NVDid:CVE-2000-1032date:2017-10-10T01:29:27

SOURCES RELEASE DATE

db:VULHUBid:VHN-2602date:2000-12-11T00:00:00
db:BIDid:1890date:2000-11-01T00:00:00
db:CNNVDid:CNNVD-200012-053date:2000-12-11T00:00:00
db:NVDid:CVE-2000-1032date:2000-12-11T05:00:00