Exploitation Summary
EIP tracks 1 public exploit for CVE-2005-2640. PoCs published by Roy Hills.
AI-analyzed exploit summary This exploit demonstrates how to use ike-scan to enumerate valid VPN usernames in Juniper Netscreen VPN via IKE Aggressive Mode. It shows the difference in responses between valid and invalid usernames, enabling username enumeration.
Description
Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.
Exploits (1)
This exploit demonstrates how to use ike-scan to enumerate valid VPN usernames in Juniper Netscreen VPN via IKE Aggressive Mode. It shows the difference in responses between valid and invalid usernames, enabling username enumeration.