CVE-2007-0195
F5 FirePass 5.4-5.5.1 and 6.0 - Username Enumeration via Login Error Messages
Title source: llmDescription
my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
https://tech.f5.com/home/solutions/sol6923.html
Various Sources x_refsource_misc
http://www.mnin.org/advisories/2007_firepass.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/32736
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23627
Mailing List mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21957
Scores
EPSS
0.0073
EPSS Percentile
72.9%
Details
Status
published
Products (13)
f5/firepass
5.4
f5/firepass
5.4.1
f5/firepass
5.4.2
f5/firepass
5.4.3
f5/firepass
5.4.4
f5/firepass
5.4.5
f5/firepass
5.4.6
f5/firepass
5.4.7
f5/firepass
5.4.8
f5/firepass
5.4.9
... and 3 more
Published
Jan 12, 2007
Tracked Since
Feb 18, 2026