Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2005-2640

Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.

Published

2005-08-23T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	neoteris	instant_virtual_extranet	3.0	Yes
Application	neoteris	instant_virtual_extranet	3.1	Yes
Application	neoteris	instant_virtual_extranet	3.2	Yes
Application	neoteris	instant_virtual_extranet	3.3	Yes
Application	neoteris	instant_virtual_extranet	3.3.1	Yes
Operating System	juniper	netscreen_screenos	1.7	Yes
Operating System	juniper	netscreen_screenos	1.64	Yes
Operating System	juniper	netscreen_screenos	1.66	Yes
Operating System	juniper	netscreen_screenos	1.66_r2	Yes
Operating System	juniper	netscreen_screenos	1.73_r1	Yes
Operating System	juniper	netscreen_screenos	1.73_r2	Yes
Operating System	juniper	netscreen_screenos	2.0.1_r8	Yes
Operating System	juniper	netscreen_screenos	2.1	Yes
Operating System	juniper	netscreen_screenos	2.1_r6	Yes
Operating System	juniper	netscreen_screenos	2.1_r7	Yes
Operating System	juniper	netscreen_screenos	2.5	Yes
Operating System	juniper	netscreen_screenos	2.5r1	Yes
Operating System	juniper	netscreen_screenos	2.5r2	Yes
Operating System	juniper	netscreen_screenos	2.5r6	Yes
Operating System	juniper	netscreen_screenos	2.6.0	Yes
Operating System	juniper	netscreen_screenos	2.6.1	Yes
Operating System	juniper	netscreen_screenos	2.6.1r1	Yes
Operating System	juniper	netscreen_screenos	2.6.1r2	Yes
Operating System	juniper	netscreen_screenos	2.6.1r3	Yes
Operating System	juniper	netscreen_screenos	2.6.1r4	Yes
Operating System	juniper	netscreen_screenos	2.6.1r5	Yes
Operating System	juniper	netscreen_screenos	2.6.1r6	Yes
Operating System	juniper	netscreen_screenos	2.6.1r7	Yes
Operating System	juniper	netscreen_screenos	2.6.1r8	Yes
Operating System	juniper	netscreen_screenos	2.6.1r9	Yes
Operating System	juniper	netscreen_screenos	2.6.1r10	Yes
Operating System	juniper	netscreen_screenos	2.6.1r11	Yes
Operating System	juniper	netscreen_screenos	2.6.1r12	Yes
Operating System	juniper	netscreen_screenos	2.7.1	Yes
Operating System	juniper	netscreen_screenos	2.7.1r1	Yes
Operating System	juniper	netscreen_screenos	2.7.1r2	Yes
Operating System	juniper	netscreen_screenos	2.7.1r3	Yes
Operating System	juniper	netscreen_screenos	2.8	Yes
Operating System	juniper	netscreen_screenos	2.8_r1	Yes
Operating System	juniper	netscreen_screenos	2.10_r3	Yes
Operating System	juniper	netscreen_screenos	2.10_r4	Yes
Operating System	juniper	netscreen_screenos	3.0.0	Yes
Operating System	juniper	netscreen_screenos	3.0.0r1	Yes
Operating System	juniper	netscreen_screenos	3.0.0r2	Yes
Operating System	juniper	netscreen_screenos	3.0.0r3	Yes
Operating System	juniper	netscreen_screenos	3.0.0r4	Yes
Operating System	juniper	netscreen_screenos	3.0.1	Yes
Operating System	juniper	netscreen_screenos	3.0.1r1	Yes
Operating System	juniper	netscreen_screenos	3.0.1r2	Yes
Operating System	juniper	netscreen_screenos	3.0.1r3	Yes
Operating System	juniper	netscreen_screenos	3.0.1r4	Yes
Operating System	juniper	netscreen_screenos	3.0.1r5	Yes
Operating System	juniper	netscreen_screenos	3.0.1r6	Yes
Operating System	juniper	netscreen_screenos	3.0.1r7	Yes
Operating System	juniper	netscreen_screenos	3.0.2	Yes
Operating System	juniper	netscreen_screenos	3.0.3	Yes
Operating System	juniper	netscreen_screenos	3.0.3_r1.1	Yes
Operating System	juniper	netscreen_screenos	3.0.3r1	Yes
Operating System	juniper	netscreen_screenos	3.0.3r2	Yes
Operating System	juniper	netscreen_screenos	3.0.3r3	Yes
Operating System	juniper	netscreen_screenos	3.0.3r4	Yes
Operating System	juniper	netscreen_screenos	3.0.3r5	Yes
Operating System	juniper	netscreen_screenos	3.0.3r6	Yes
Operating System	juniper	netscreen_screenos	3.0.3r7	Yes
Operating System	juniper	netscreen_screenos	3.0.3r8	Yes
Operating System	juniper	netscreen_screenos	3.1.0	Yes
Operating System	juniper	netscreen_screenos	3.1.0r1	Yes
Operating System	juniper	netscreen_screenos	3.1.0r2	Yes
Operating System	juniper	netscreen_screenos	3.1.0r3	Yes
Operating System	juniper	netscreen_screenos	3.1.0r4	Yes
Operating System	juniper	netscreen_screenos	3.1.0r5	Yes
Operating System	juniper	netscreen_screenos	3.1.0r6	Yes
Operating System	juniper	netscreen_screenos	3.1.0r7	Yes
Operating System	juniper	netscreen_screenos	3.1.0r8	Yes
Operating System	juniper	netscreen_screenos	3.1.0r9	Yes
Operating System	juniper	netscreen_screenos	3.1.0r10	Yes
Operating System	juniper	netscreen_screenos	3.1.0r11	Yes
Operating System	juniper	netscreen_screenos	3.1.0r12	Yes
Operating System	juniper	netscreen_screenos	3.1.1_r2	Yes
Operating System	juniper	netscreen_screenos	4.0.0	Yes
Operating System	juniper	netscreen_screenos	4.0.0	Yes
Operating System	juniper	netscreen_screenos	4.0.0r1	Yes
Operating System	juniper	netscreen_screenos	4.0.0r2	Yes
Operating System	juniper	netscreen_screenos	4.0.0r3	Yes
Operating System	juniper	netscreen_screenos	4.0.0r4	Yes
Operating System	juniper	netscreen_screenos	4.0.0r5	Yes
Operating System	juniper	netscreen_screenos	4.0.0r6	Yes
Operating System	juniper	netscreen_screenos	4.0.0r7	Yes
Operating System	juniper	netscreen_screenos	4.0.0r8	Yes
Operating System	juniper	netscreen_screenos	4.0.0r9	Yes
Operating System	juniper	netscreen_screenos	4.0.0r10	Yes
Operating System	juniper	netscreen_screenos	4.0.0r11	Yes
Operating System	juniper	netscreen_screenos	4.0.0r12	Yes
Operating System	juniper	netscreen_screenos	4.0.1	Yes
Operating System	juniper	netscreen_screenos	4.0.1r1	Yes
Operating System	juniper	netscreen_screenos	4.0.1r2	Yes
Operating System	juniper	netscreen_screenos	4.0.1r3	Yes
Operating System	juniper	netscreen_screenos	4.0.1r4	Yes
Operating System	juniper	netscreen_screenos	4.0.1r5	Yes
Operating System	juniper	netscreen_screenos	4.0.1r6	Yes
Operating System	juniper	netscreen_screenos	4.0.1r7	Yes
Operating System	juniper	netscreen_screenos	4.0.1r8	Yes
Operating System	juniper	netscreen_screenos	4.0.1r9	Yes
Operating System	juniper	netscreen_screenos	4.0.1r10	Yes
Operating System	juniper	netscreen_screenos	4.0.2	Yes
Operating System	juniper	netscreen_screenos	4.0.3	Yes
Operating System	juniper	netscreen_screenos	4.0.3r1	Yes
Operating System	juniper	netscreen_screenos	4.0.3r2	Yes
Operating System	juniper	netscreen_screenos	4.0.3r3	Yes
Operating System	juniper	netscreen_screenos	4.0.3r4	Yes
Operating System	juniper	netscreen_screenos	5.0.0	Yes
Operating System	juniper	netscreen_screenos	5.1.0	Yes
Operating System	juniper	netscreen_screenos	5.1.0r3a	Yes
Operating System	juniper	netscreen_screenos	5.2.0	Yes
Operating System	netscreen	ns-10	*	Yes
Operating System	netscreen	ns-100	3.0_.pe1.0	Yes
Operating System	netscreen	ns-204	5.0.0_r6.0	Yes
Operating System	netscreen	ns-204	0110.0_11_4.0_r10.0	Yes
Operating System	netscreen	ns-204	0110.0_11_5.1.0_r3a	Yes
Operating System	netscreen	ns-500	4110.0_11_4.0_r10.0	Yes
Operating System	netscreen	ns-500	4110.0_11_5.1.0_r3a	Yes
Operating System	netscreen	ns-50ns25	5.0.0_r6.0	Yes
Hardware	juniper	netscreen-5gt	5.0	Yes
Hardware	juniper	netscreen-idp	3.0	Yes
Hardware	juniper	netscreen-idp	3.0r1	Yes
Hardware	juniper	netscreen-idp	3.0r2	Yes
Hardware	juniper	netscreen-idp_10	3.0.1_r1	Yes
Hardware	juniper	netscreen-idp_100	3.0.1_r1	Yes
Hardware	juniper	netscreen-idp_1000	3.0.1_r1	Yes
Hardware	juniper	netscreen-idp_500	3.0.1_r1	Yes
Hardware	netscreen	netscreen-sa_5000_series	*	Yes
Hardware	netscreen	netscreen-sa_5020_series	4.2_r2.2	Yes
Hardware	netscreen	netscreen-sa_5050_series	4.2_r2.2	Yes

References

http://marc.info/?l=bugtraq&m=112438068426034&w=2 ([email protected])
http://secunia.com/advisories/16474/ Vendor Advisory ([email protected])
http://securitytracker.com/id?1014728 ([email protected])
http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htm Exploit, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/14595 Exploit ([email protected])
http://marc.info/?l=bugtraq&m=112438068426034&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/16474/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1014728 (af854a3a-2127-422b-91ae-364da2661108)
http://www.nta-monitor.com/news/vpn-flaws/juniper/netscreen/index.htm Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/14595 Exploit (af854a3a-2127-422b-91ae-364da2661108)