Details of VAR-200012-0093

ID

VAR-200012-0093

CVE

CVE-2000-1032

TITLE

Check Point Firewall Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200012-053

DESCRIPTION

The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall. Checkpoint Firewall-1 is a popular firewall package available from Checkpoint Software Technologies. Upon connecting to the firewall, the attacker enters a username and password. If the username and password are invalid, the firewall will respond with "<username> not found". If the username is valid, and the password is invalid, the firewall will respond with "Access denied by Firewall-1 authentication". Upon successfully determining a valid username, a remote attacker could then attempt a brute force or password grinding attack to determine the password for the valid username. If successful, an attacker could then gain access to the firewall based on that user's privileges

Trust: 1.26

sources: NVD: CVE-2000-1032 // BID: 1890 // VULHUB: VHN-2602

AFFECTED PRODUCTS

vendor:	checkpoint	model:	firewall-1	scope:	eq	version:	4.0	Trust: 1.6
vendor:	checkpoint	model:	firewall-1	scope:	eq	version:	3.0	Trust: 1.6
vendor:	check	model:	point software firewall-1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 1890 // CNNVD: CNNVD-200012-053 // NVD: CVE-2000-1032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2000-1032
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200012-053
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-2602
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2000-1032
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-2602
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-2602 // CNNVD: CNNVD-200012-053 // NVD: CVE-2000-1032

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-1032

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200012-053

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200012-053

EXTERNAL IDS

db:	BID	id:	1890	Trust: 2.0
db:	NVD	id:	CVE-2000-1032	Trust: 1.7
db:	OSVDB	id:	1632	Trust: 1.7
db:	CNNVD	id:	CNNVD-200012-053	Trust: 0.7
db:	XF	id:	5816	Trust: 0.6
db:	XF	id:	1	Trust: 0.6
db:	BUGTRAQ	id:	20001101 RE: SAMBA 2.0.7 SWAT VULNERABILITIES	Trust: 0.6
db:	VULHUB	id:	VHN-2602	Trust: 0.1

sources: VULHUB: VHN-2602 // BID: 1890 // CNNVD: CNNVD-200012-053 // NVD: CVE-2000-1032

REFERENCES

url:	http://www.securityfocus.com/bid/1890	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/142808	Trust: 1.7
url:	http://www.osvdb.org/1632	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/5816	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/5816	Trust: 0.6

sources: VULHUB: VHN-2602 // CNNVD: CNNVD-200012-053 // NVD: CVE-2000-1032

CREDITS

This vulnerability was first reported to Bugtraq by Ryan Gray <ryan@sniper.org> on November 1, 2000.

Trust: 0.3

sources: BID: 1890

SOURCES

db:	VULHUB	id:	VHN-2602
db:	BID	id:	1890
db:	CNNVD	id:	CNNVD-200012-053
db:	NVD	id:	CVE-2000-1032

LAST UPDATE DATE

2024-08-14T13:07:31.989000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-2602	date:	2017-10-10T00:00:00
db:	BID	id:	1890	date:	2000-11-01T00:00:00
db:	CNNVD	id:	CNNVD-200012-053	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2000-1032	date:	2017-10-10T01:29:27

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-2602	date:	2000-12-11T00:00:00
db:	BID	id:	1890	date:	2000-11-01T00:00:00
db:	CNNVD	id:	CNNVD-200012-053	date:	2000-12-11T00:00:00
db:	NVD	id:	CVE-2000-1032	date:	2000-12-11T05:00:00