CVE-2005-2640

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/08/2005
Last modified:
03/04/2025

Description

Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:neoteris:instant_virtual_extranet:3.0:*:*:*:*:*:*:*
cpe:2.3:a:neoteris:instant_virtual_extranet:3.1:*:*:*:*:*:*:*
cpe:2.3:a:neoteris:instant_virtual_extranet:3.2:*:*:*:*:*:*:*
cpe:2.3:a:neoteris:instant_virtual_extranet:3.3:*:*:*:*:*:*:*
cpe:2.3:a:neoteris:instant_virtual_extranet:3.3.1:*:*:*:*:*:*:*
cpe:2.3:o:juniper:netscreen_screenos:1.7:*:*:*:*:*:*:*
cpe:2.3:o:juniper:netscreen_screenos:1.64:*:*:*:*:*:*:*
cpe:2.3:o:juniper:netscreen_screenos:1.66:*:*:*:*:*:*:*
cpe:2.3:o:juniper:netscreen_screenos:1.66_r2:*:*:*:*:*:*:*
cpe:2.3:o:juniper:netscreen_screenos:1.73_r1:*:*:*:*:*:*:*
cpe:2.3:o:juniper:netscreen_screenos:1.73_r2:*:*:*:*:*:*:*
cpe:2.3:o:juniper:netscreen_screenos:2.0.1_r8:*:*:*:*:*:*:*
cpe:2.3:o:juniper:netscreen_screenos:2.1:*:*:*:*:*:*:*
cpe:2.3:o:juniper:netscreen_screenos:2.1_r6:*:*:*:*:*:*:*
cpe:2.3:o:juniper:netscreen_screenos:2.1_r7:*:*:*:*:*:*:*