Description
Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.
Exploits (1)
exploitdb
SCANNER
VERIFIED
by Roy Hills · textremotehardware
https://www.exploit-db.com/exploits/26168
References (5)
Core 5
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14595
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112438068426034&w=2
Exploit, Vendor Advisory x_refsource_misc
http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htm
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1014728
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16474/
Scores
EPSS
0.0588
EPSS Percentile
90.7%
Details
Status
published
Products (50)
juniper/netscreen-5gt
5.0
juniper/netscreen-idp
3.0
juniper/netscreen-idp
3.0r1
juniper/netscreen-idp
3.0r2
juniper/netscreen-idp_10
3.0.1_r1
juniper/netscreen-idp_100
3.0.1_r1
juniper/netscreen-idp_1000
3.0.1_r1
juniper/netscreen-idp_500
3.0.1_r1
juniper/netscreen_screenos
1.7
juniper/netscreen_screenos
1.64
... and 40 more
Published
Aug 23, 2005
Tracked Since
Feb 18, 2026