Details of VAR-200112-0235

ID

VAR-200112-0235

CVE

CVE-2001-1499

TITLE

Check Point VPN-1 SecuRemote Username confirmation vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200112-202

DESCRIPTION

Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks. VPN-1 is a popular secure remote access software package, distributed and maintained by Check Point. A problem with the software package makes it possible for a user to gain potential access. This increases the chances of a remote attacker launching a successful brute force attack against a VPN-1 server. This vulnerability affects Windows NT and 2000 implementations. The prompt changes depending on the authentication method used

Trust: 1.26

sources: NVD: CVE-2001-1499 // BID: 3470 // VULHUB: VHN-4300

AFFECTED PRODUCTS

vendor:	checkpoint	model:	vpn-1	scope:	eq	version:	4.1	Trust: 1.6
vendor:	check	model:	point software vpn-1 sp4	scope:	eq	version:	4.1	Trust: 0.3

sources: BID: 3470 // CNNVD: CNNVD-200112-202 // NVD: CVE-2001-1499

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1499
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200112-202
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-4300
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2001-1499
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4300
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4300 // CNNVD: CNNVD-200112-202 // NVD: CVE-2001-1499

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1499

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200112-202

TYPE

Design Error

Trust: 0.9

sources: BID: 3470 // CNNVD: CNNVD-200112-202

EXTERNAL IDS

db:	BID	id:	3470	Trust: 2.0
db:	OSVDB	id:	20210	Trust: 1.7
db:	NVD	id:	CVE-2001-1499	Trust: 1.7
db:	CNNVD	id:	CNNVD-200112-202	Trust: 0.7
db:	BUGTRAQ	id:	20011023 CHECK POINT VPN-1 SECUREMOTE FLAW	Trust: 0.6
db:	BUGTRAQ	id:	20011024 RE: CHECK POINT VPN-1 SECUREMOTE FLAW	Trust: 0.6
db:	XF	id:	1	Trust: 0.6
db:	XF	id:	7343	Trust: 0.6
db:	VULHUB	id:	VHN-4300	Trust: 0.1

sources: VULHUB: VHN-4300 // BID: 3470 // CNNVD: CNNVD-200112-202 // NVD: CVE-2001-1499

REFERENCES

url:	http://www.securityfocus.com/bid/3470	Trust: 2.7
url:	http://www.securityfocus.com/archive/1/222366	Trust: 2.7
url:	http://www.securityfocus.com/archive/1/222479	Trust: 2.7
url:	http://www.osvdb.org/20210	Trust: 2.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/7343	Trust: 2.1
url:	http://xforce.iss.net/xforce/xfdb/7343	Trust: 0.6

sources: VULHUB: VHN-4300 // CNNVD: CNNVD-200112-202 // NVD: CVE-2001-1499

SOURCES

db:	VULHUB	id:	VHN-4300
db:	BID	id:	3470
db:	CNNVD	id:	CNNVD-200112-202
db:	NVD	id:	CVE-2001-1499

LAST UPDATE DATE

2024-11-22T20:06:56.544000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-4300	date:	2017-07-11T00:00:00
db:	BID	id:	3470	date:	2001-10-23T00:00:00
db:	CNNVD	id:	CNNVD-200112-202	date:	2006-01-27T00:00:00
db:	NVD	id:	CVE-2001-1499	date:	2024-11-20T23:37:49.913

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-4300	date:	2001-12-31T00:00:00
db:	BID	id:	3470	date:	2001-10-23T00:00:00
db:	CNNVD	id:	CNNVD-200112-202	date:	2001-12-31T00:00:00
db:	NVD	id:	CVE-2001-1499	date:	2001-12-31T05:00:00