CVE-2005-2640

Juniper Netscreen VPN <5.2.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2640. PoCs published by Roy Hills.

AI-analyzed exploit summary This exploit demonstrates how to use ike-scan to enumerate valid VPN usernames in Juniper Netscreen VPN via IKE Aggressive Mode. It shows the difference in responses between valid and invalid usernames, enabling username enumeration.

Description

Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.

Exploits (1)

exploitdb SCANNER VERIFIED
by Roy Hills · textremotehardware
https://www.exploit-db.com/exploits/26168

This exploit demonstrates how to use ike-scan to enumerate valid VPN usernames in Juniper Netscreen VPN via IKE Aggressive Mode. It shows the difference in responses between valid and invalid usernames, enabling username enumeration.

Classification
Scanner 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Juniper Netscreen VPN
No auth needed
Prerequisites: ike-scan tool · network access to target VPN
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14595
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112438068426034&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1014728
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16474/

Scores

EPSS 0.0709
EPSS Percentile 93.5%

Details

Status published
Products (50)
juniper/netscreen-5gt 5.0
juniper/netscreen-idp 3.0
juniper/netscreen-idp 3.0r1
juniper/netscreen-idp 3.0r2
juniper/netscreen-idp_10 3.0.1_r1
juniper/netscreen-idp_100 3.0.1_r1
juniper/netscreen-idp_1000 3.0.1_r1
juniper/netscreen-idp_500 3.0.1_r1
juniper/netscreen_screenos 1.7
juniper/netscreen_screenos 1.64
... and 40 more
Published Aug 23, 2005
Tracked Since Feb 18, 2026