Details of VAR-200508-0142

ID

VAR-200508-0142

CVE

CVE-2005-2640

TITLE

Juniper Netscreen VPN Username Enumeration Vulnerability

Trust: 0.9

sources: BID: 14595 // CNNVD: CNNVD-200508-259

DESCRIPTION

Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid. NetScreen ScreenOS of IKE In the protocol implementation, IKE User name included in aggressive mode messages (IKE ID) Is valid VPN There are vulnerabilities that respond differently depending on whether you are a user.An effective VPN You may get your username and password hash. This allows for attackers to obtain a list of valid VPN users. With a valid username, an attacker can obtain hashed credentials against which a brute force attack may be performed. A successful crack would mean that the attacker has complete access to the network. Netscreen is one of Juniper's leading line of networking and security products. Juniper Netscreen's integrated firewall/VPN product has a VPN user name enumeration vulnerability when performing VPN security tests for customers. Once a username is discovered, an attacker can use that username to get a hash from Netscreen and then crack the associated password offline. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Juniper Netscreen IPSec VPN Username Enumeration Weakness SECUNIA ADVISORY ID: SA16474 VERIFY ADVISORY: http://secunia.com/advisories/16474/ CRITICAL: Not critical IMPACT: Exposure of system information WHERE: >From remote OPERATING SYSTEM: NetScreen ScreenOS 5.x http://secunia.com/product/2569/ NetScreen ScreenOS 4.x http://secunia.com/product/695/ NetScreen ScreenOS 3.x http://secunia.com/product/798/ NetScreen ScreenOS 2.x http://secunia.com/product/1395/ DESCRIPTION: NTA Monitor has reported a weakness in Juniper Netscreen VPN, which can be exploited by malicious people to gain knowledge of certain information. The weakness is caused due to the device returning different responses depending on whether or not a valid username is supplied. This can be exploited to enumerate valid usernames, which can be used to obtain password hashes. The weakness has been reported in ScreenOS software versions up to 5.2.0. SOLUTION: Use certificate authentication instead of pre-shared key authentication. PROVIDED AND/OR DISCOVERED BY: NTA Monitor ORIGINAL ADVISORY: NTA Monitor: http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htm ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2005-2640 // JVNDB: JVNDB-2005-000498 // BID: 14595 // VULHUB: VHN-13849 // PACKETSTORM: 39477

AFFECTED PRODUCTS

vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.1.0r4	Trust: 1.6
vendor:	juniper	model:	netscreen-5gt	scope:	eq	version:	5.0	Trust: 1.3
vendor:	juniper	model:	screenos	scope:	eq	version:	5.1	Trust: 1.1
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.0r1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.10_r3	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.1r7	Trust: 1.0
vendor:	netscreen	model:	ns-10	scope:	eq	version:	*	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.3r6	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.7.1r3	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.5r6	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.3r7	Trust: 1.0
vendor:	netscreen	model:	ns-100	scope:	eq	version:	3.0_.pe1.0	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.1.1_r2	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.3_r1.1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.1r6	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.1r3	Trust: 1.0
vendor:	juniper	model:	netscreen-idp	scope:	eq	version:	3.0r1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.3r3	Trust: 1.0
vendor:	neoteris	model:	instant virtual extranet	scope:	eq	version:	3.0	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.1r8	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.1.0r10	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.1.0r9	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.6.1r9	Trust: 1.0
vendor:	neoteris	model:	instant virtual extranet	scope:	eq	version:	3.3	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.1.0r3	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.0r4	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.0r7	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.6.1r3	Trust: 1.0
vendor:	netscreen	model:	ns-204	scope:	eq	version:	5.0.0_r6.0	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.0r6	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.6.1r7	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.3r8	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.7.1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.1.0r11	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.1r1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.3r2	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	5.1.0	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.1r2	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.0r8	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.0.1_r8	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.1r6	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.1.0r1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.1_r6	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.6.1r1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.8	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.1r4	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.1r2	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	5.1.0r3a	Trust: 1.0
vendor:	juniper	model:	netscreen-idp	scope:	eq	version:	3.0	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.1r5	Trust: 1.0
vendor:	juniper	model:	netscreen-idp 500	scope:	eq	version:	3.0.1_r1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.5r2	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.7.1r1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.1r4	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	1.73_r2	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.5r1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.1.0r6	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.1r9	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.3r4	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.3r5	Trust: 1.0
vendor:	netscreen	model:	ns-500	scope:	eq	version:	4110.0_11_4.0_r10.0	Trust: 1.0
vendor:	netscreen	model:	netscreen-sa 5020 series	scope:	eq	version:	4.2_r2.2	Trust: 1.0
vendor:	netscreen	model:	ns-500	scope:	eq	version:	4110.0_11_5.1.0_r3a	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.0r1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.1r7	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.6.1r2	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.10_r4	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.3r1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.0r10	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.1_r7	Trust: 1.0
vendor:	netscreen	model:	ns-50ns25	scope:	eq	version:	5.0.0_r6.0	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.6.0	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	1.64	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.0r9	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.6.1r11	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.7.1r2	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.3r2	Trust: 1.0
vendor:	netscreen	model:	ns-204	scope:	eq	version:	0110.0_11_5.1.0_r3a	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.0r4	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.3	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	1.66_r2	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.3r3	Trust: 1.0
vendor:	netscreen	model:	netscreen-sa 5050 series	scope:	eq	version:	4.2_r2.2	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.6.1r4	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.1.0r2	Trust: 1.0
vendor:	neoteris	model:	instant virtual extranet	scope:	eq	version:	3.3.1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	5.0.0	Trust: 1.0
vendor:	juniper	model:	netscreen-idp 100	scope:	eq	version:	3.0.1_r1	Trust: 1.0
vendor:	netscreen	model:	netscreen-sa 5000 series	scope:	eq	version:	*	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.0r12	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.3	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.6.1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.1.0r5	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.6.1r8	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.1r10	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.0r11	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.8_r1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.0r3	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.5	Trust: 1.0
vendor:	juniper	model:	netscreen-idp 1000	scope:	eq	version:	3.0.1_r1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	1.66	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.2	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.6.1r5	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.6.1r12	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.1.0r8	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.6.1r10	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.0r2	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.1.0r7	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.1.0r12	Trust: 1.0
vendor:	juniper	model:	netscreen-idp 10	scope:	eq	version:	3.0.1_r1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	5.2.0	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.1r3	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.3r1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.0r3	Trust: 1.0
vendor:	neoteris	model:	instant virtual extranet	scope:	eq	version:	3.2	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	1.73_r1	Trust: 1.0
vendor:	juniper	model:	netscreen-idp	scope:	eq	version:	3.0r2	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.1r5	Trust: 1.0
vendor:	neoteris	model:	instant virtual extranet	scope:	eq	version:	3.1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	2.6.1r6	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.3r4	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.0r5	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	3.0.1r1	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	4.0.0r2	Trust: 1.0
vendor:	netscreen	model:	ns-204	scope:	eq	version:	0110.0_11_4.0_r10.0	Trust: 1.0
vendor:	juniper	model:	netscreen screenos	scope:	eq	version:	1.7	Trust: 1.0
vendor:	juniper	model:	screenos	scope:	eq	version:	2.8	Trust: 0.8
vendor:	juniper	model:	screenos	scope:	eq	version:	3.0	Trust: 0.8
vendor:	juniper	model:	screenos	scope:	eq	version:	3.1	Trust: 0.8
vendor:	juniper	model:	screenos	scope:	eq	version:	4.0	Trust: 0.8
vendor:	juniper	model:	screenos	scope:	eq	version:	5.0	Trust: 0.8
vendor:	juniper	model:	screenos	scope:	eq	version:	5.2	Trust: 0.8
vendor:	netscreen	model:	screenos r2	scope:	eq	version:	1.66	Trust: 0.3
vendor:	netscreen	model:	screenos r12	scope:	eq	version:	4.0	Trust: 0.3
vendor:	netscreen	model:	screenos r10	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	netscreen	model:	ns-100 .pe1.0	scope:	eq	version:	3.0	Trust: 0.3
vendor:	juniper	model:	netscreen-idp r1	scope:	eq	version:	5003.0.1	Trust: 0.3
vendor:	netscreen	model:	screenos r10	scope:	eq	version:	4.0	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	1.66	Trust: 0.3
vendor:	netscreen	model:	ns-10	scope:	-	version:	-	Trust: 0.3
vendor:	netscreen	model:	screenos r8	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	juniper	model:	netscreen-idp r1	scope:	eq	version:	1003.0	Trust: 0.3
vendor:	netscreen	model:	screenos r2	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	netscreen	model:	screenos r11	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	juniper	model:	netscreen-idp r1	scope:	eq	version:	10003.0.1	Trust: 0.3
vendor:	juniper	model:	netscreen-idp	scope:	eq	version:	103.0	Trust: 0.3
vendor:	netscreen	model:	screenos r6	scope:	eq	version:	2.5	Trust: 0.3
vendor:	netscreen	model:	screenos .0r3a	scope:	eq	version:	5.1	Trust: 0.3
vendor:	netscreen	model:	screenos r5	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	netscreen	model:	screenos r1	scope:	eq	version:	3.0	Trust: 0.3
vendor:	netscreen	model:	instant virtual extranet	scope:	eq	version:	3.0	Trust: 0.3
vendor:	netscreen	model:	screenos r8	scope:	eq	version:	4.0	Trust: 0.3
vendor:	juniper	model:	netscreen-idp r1	scope:	eq	version:	103.0.1	Trust: 0.3
vendor:	netscreen	model:	screenos r2	scope:	eq	version:	4.0	Trust: 0.3
vendor:	netscreen	model:	screenos r4	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	netscreen	model:	screenos r3	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	netscreen	model:	screenos r5	scope:	eq	version:	3.1	Trust: 0.3
vendor:	netscreen	model:	screenos r1	scope:	eq	version:	2.8	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	4.0	Trust: 0.3
vendor:	netscreen	model:	screenos r9	scope:	eq	version:	3.1	Trust: 0.3
vendor:	netscreen	model:	screenos r1	scope:	eq	version:	3.1	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	netscreen	model:	screenos r3	scope:	eq	version:	4.0	Trust: 0.3
vendor:	netscreen	model:	screenos r1	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	netscreen	model:	instant virtual extranet	scope:	eq	version:	3.1	Trust: 0.3
vendor:	netscreen	model:	screenos r10	scope:	eq	version:	3.1	Trust: 0.3
vendor:	juniper	model:	netscreen-idp r2	scope:	eq	version:	1003.0	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	2.1	Trust: 0.3
vendor:	netscreen	model:	ns-204 [version 0110 - ] r10.0	scope:	eq	version:	4.0	Trust: 0.3
vendor:	netscreen	model:	screenos r7	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	juniper	model:	netscreen-idp	scope:	eq	version:	5003.0	Trust: 0.3
vendor:	juniper	model:	netscreen-idp r1	scope:	eq	version:	103.0	Trust: 0.3
vendor:	netscreen	model:	screenos r2	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	netscreen	model:	screenos r7	scope:	eq	version:	4.0	Trust: 0.3
vendor:	netscreen	model:	screenos r2	scope:	eq	version:	2.7.1	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	1.7	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	1.64	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	4.0.2	Trust: 0.3
vendor:	netscreen	model:	screenos r6	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	netscreen	model:	screenos r3	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	netscreen	model:	screenos r4	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	2.7.1	Trust: 0.3
vendor:	netscreen	model:	screenos r7	scope:	eq	version:	2.1	Trust: 0.3
vendor:	netscreen	model:	screenos r3	scope:	eq	version:	2.10	Trust: 0.3
vendor:	juniper	model:	netscreen-idp	scope:	eq	version:	10003.0	Trust: 0.3
vendor:	netscreen	model:	screenos r6	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	3.1	Trust: 0.3
vendor:	netscreen	model:	screenos r8	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	netscreen	model:	screenos r2	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	netscreen	model:	screenos r3	scope:	eq	version:	2.7.1	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	5.0	Trust: 0.3
vendor:	netscreen	model:	screenos r6	scope:	eq	version:	4.0	Trust: 0.3
vendor:	juniper	model:	netscreen-idp r2	scope:	eq	version:	103.0	Trust: 0.3
vendor:	netscreen	model:	screenos r7	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	netscreen	model:	screenos r5	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	netscreen	model:	screenos r4	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	netscreen	model:	screenos r3	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	juniper	model:	netscreen-idp r1	scope:	eq	version:	5003.0	Trust: 0.3
vendor:	netscreen	model:	screenos r1	scope:	eq	version:	2.5	Trust: 0.3
vendor:	netscreen	model:	screenos r6	scope:	eq	version:	2.1	Trust: 0.3
vendor:	netscreen	model:	screenos r12	scope:	eq	version:	3.1	Trust: 0.3
vendor:	netscreen	model:	screenos r9	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	netscreen	model:	screenos r7	scope:	eq	version:	3.1	Trust: 0.3
vendor:	netscreen	model:	screenos r10	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	netscreen	model:	screenos r1	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	netscreen	model:	screenos r2	scope:	eq	version:	3.0	Trust: 0.3
vendor:	juniper	model:	netscreen-idp r1	scope:	eq	version:	1003.0.1	Trust: 0.3
vendor:	netscreen	model:	screenos r6	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	netscreen	model:	netscreen-sa series	scope:	eq	version:	5000	Trust: 0.3
vendor:	juniper	model:	netscreen-idp r1	scope:	eq	version:	10003.0	Trust: 0.3
vendor:	netscreen	model:	screenos r1	scope:	eq	version:	1.73	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	3.0	Trust: 0.3
vendor:	netscreen	model:	screenos r2	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	netscreen	model:	screenos r4	scope:	eq	version:	2.10	Trust: 0.3
vendor:	netscreen	model:	screenos r3	scope:	eq	version:	3.0	Trust: 0.3
vendor:	netscreen	model:	screenos r6	scope:	eq	version:	3.1	Trust: 0.3
vendor:	netscreen	model:	instant virtual extranet	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	netscreen	model:	screenos r8	scope:	eq	version:	3.1	Trust: 0.3
vendor:	netscreen	model:	screenos r2	scope:	eq	version:	3.1	Trust: 0.3
vendor:	juniper	model:	netscreen-idp r2	scope:	eq	version:	5003.0	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	2.8	Trust: 0.3
vendor:	netscreen	model:	screenos r11	scope:	eq	version:	4.0	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	2.6	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	netscreen	model:	screenos r5	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	netscreen	model:	screenos r4	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	netscreen	model:	screenos r3	scope:	eq	version:	3.1	Trust: 0.3
vendor:	netscreen	model:	ns-500 [version 4110 - ] .0r3a	scope:	eq	version:	5.1	Trust: 0.3
vendor:	netscreen	model:	screenos r4	scope:	eq	version:	4.0	Trust: 0.3
vendor:	netscreen	model:	screenos r1	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	juniper	model:	screenos	scope:	eq	version:	5.2.0	Trust: 0.3
vendor:	juniper	model:	netscreen-idp r2	scope:	eq	version:	10003.0	Trust: 0.3
vendor:	netscreen	model:	screenos r12	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	netscreen	model:	screenos r1.1	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	netscreen	model:	screenos r9	scope:	eq	version:	4.0	Trust: 0.3
vendor:	netscreen	model:	screenos r1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	netscreen	model:	screenos r7	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	netscreen	model:	ns-50ns25 .0r6.0	scope:	eq	version:	5.0	Trust: 0.3
vendor:	netscreen	model:	instant virtual extranet	scope:	eq	version:	3.2	Trust: 0.3
vendor:	netscreen	model:	screenos r4	scope:	eq	version:	3.0	Trust: 0.3
vendor:	netscreen	model:	netscreen-sa series .r.2.2	scope:	eq	version:	50204.2	Trust: 0.3
vendor:	netscreen	model:	screenos r11	scope:	eq	version:	3.1	Trust: 0.3
vendor:	netscreen	model:	screenos r4	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	netscreen	model:	screenos r6	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	netscreen	model:	screenos r2	scope:	eq	version:	2.5	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	netscreen	model:	screenos r8	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	netscreen	model:	netscreen-sa series .r.2.2	scope:	eq	version:	50504.2	Trust: 0.3
vendor:	netscreen	model:	screenos r2	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	netscreen	model:	screenos r4	scope:	eq	version:	3.1	Trust: 0.3
vendor:	netscreen	model:	instant virtual extranet	scope:	eq	version:	3.3	Trust: 0.3
vendor:	netscreen	model:	screenos r1	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	netscreen	model:	screenos r8	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	netscreen	model:	ns-204 [version 0110 - ] .0r3a	scope:	eq	version:	5.1	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	2.5	Trust: 0.3
vendor:	juniper	model:	netscreen-idp	scope:	eq	version:	1003.0	Trust: 0.3
vendor:	netscreen	model:	screenos r2	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	netscreen	model:	screenos r1	scope:	eq	version:	2.7.1	Trust: 0.3
vendor:	netscreen	model:	screenos r3	scope:	eq	version:	2.6.1	Trust: 0.3
vendor:	netscreen	model:	screenos r2	scope:	eq	version:	1.73	Trust: 0.3
vendor:	netscreen	model:	screenos	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	netscreen	model:	screenos r5	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	netscreen	model:	ns-204 .0r6.0	scope:	eq	version:	5.0	Trust: 0.3
vendor:	netscreen	model:	screenos -dial	scope:	eq	version:	4.0	Trust: 0.3
vendor:	netscreen	model:	screenos r7	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	netscreen	model:	ns-500 [version 4110 - ] r10.0	scope:	eq	version:	4.0	Trust: 0.3
vendor:	netscreen	model:	screenos r3	scope:	eq	version:	4.0.3	Trust: 0.3
vendor:	netscreen	model:	screenos r5	scope:	eq	version:	4.0	Trust: 0.3
vendor:	netscreen	model:	screenos r9	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	netscreen	model:	screenos r1	scope:	eq	version:	4.0.1	Trust: 0.3

sources: BID: 14595 // JVNDB: JVNDB-2005-000498 // CNNVD: CNNVD-200508-259 // NVD: CVE-2005-2640

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-2640
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2005-2640
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200508-259
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-13849
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-2640
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-13849
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-13849 // JVNDB: JVNDB-2005-000498 // CNNVD: CNNVD-200508-259 // NVD: CVE-2005-2640

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2640

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200508-259

TYPE

Design Error

Trust: 0.9

sources: BID: 14595 // CNNVD: CNNVD-200508-259

CONFIGURATIONS

sources: JVNDB: JVNDB-2005-000498

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-13849

PATCH

title:

5212

url:

https://www.juniper.net/support/security/alerts/adv5212.txt

Trust: 0.8

sources: JVNDB: JVNDB-2005-000498

EXTERNAL IDS

db:	BID	id:	14595	Trust: 2.8
db:	SECUNIA	id:	16474	Trust: 2.6
db:	NVD	id:	CVE-2005-2640	Trust: 2.5
db:	SECTRACK	id:	1014728	Trust: 1.7
db:	JVNDB	id:	JVNDB-2005-000498	Trust: 0.8
db:	CNNVD	id:	CNNVD-200508-259	Trust: 0.7
db:	BUGTRAQ	id:	20050818 JUNIPER NETSCREEN VPN USERNAME ENUMERATION VULNERABILITY	Trust: 0.6
db:	SEEBUG	id:	SSVID-79814	Trust: 0.1
db:	EXPLOIT-DB	id:	26168	Trust: 0.1
db:	VULHUB	id:	VHN-13849	Trust: 0.1
db:	PACKETSTORM	id:	39477	Trust: 0.1

sources: VULHUB: VHN-13849 // BID: 14595 // JVNDB: JVNDB-2005-000498 // PACKETSTORM: 39477 // CNNVD: CNNVD-200508-259 // NVD: CVE-2005-2640

REFERENCES

url:	http://secunia.com/advisories/16474/	Trust: 2.6
url:	http://www.securityfocus.com/bid/14595	Trust: 2.5
url:	http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htm	Trust: 1.8
url:	http://securitytracker.com/id?1014728	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=112438068426034&w=2	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2640	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-2640	Trust: 0.8
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=112438068426034&w=2	Trust: 0.6
url:	http://www.juniper.net/	Trust: 0.3
url:	http://www.netscreen.com/index.html	Trust: 0.3
url:	/archive/1/408478	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=112438068426034&w=2	Trust: 0.1
url:	http://secunia.com/product/1395/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/695/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/secunia_vacancies/	Trust: 0.1
url:	http://secunia.com/product/798/	Trust: 0.1
url:	http://secunia.com/product/2569/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1

sources: VULHUB: VHN-13849 // BID: 14595 // JVNDB: JVNDB-2005-000498 // PACKETSTORM: 39477 // CNNVD: CNNVD-200508-259 // NVD: CVE-2005-2640

CREDITS

Roy Hills Roy.Hills@nta-monitor.com

Trust: 0.6

sources: CNNVD: CNNVD-200508-259

SOURCES

db:	VULHUB	id:	VHN-13849
db:	BID	id:	14595
db:	JVNDB	id:	JVNDB-2005-000498
db:	PACKETSTORM	id:	39477
db:	CNNVD	id:	CNNVD-200508-259
db:	NVD	id:	CVE-2005-2640

LAST UPDATE DATE

2024-08-14T13:51:02.997000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-13849	date:	2016-10-18T00:00:00
db:	BID	id:	14595	date:	2005-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2005-000498	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200508-259	date:	2007-02-19T00:00:00
db:	NVD	id:	CVE-2005-2640	date:	2016-10-18T03:29:16.917

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-13849	date:	2005-08-23T00:00:00
db:	BID	id:	14595	date:	2005-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2005-000498	date:	2007-04-01T00:00:00
db:	PACKETSTORM	id:	39477	date:	2005-08-19T04:15:49
db:	CNNVD	id:	CNNVD-200508-259	date:	2005-08-23T00:00:00
db:	NVD	id:	CVE-2005-2640	date:	2005-08-23T04:00:00