Info |
Last Modified: 5 months ago
|
|
Description |
F5 FirePass contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when an invalid login attempt is made on the login page at 'my.activation.php'. If the username exists in the local LDAP user directory, the error message displayed differs slightly from the one shown for a non-existent username. This enables an attacker to enumerate valid usernames, resulting in a loss of confidentiality.
|
|
Classification |
Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related
|
|
Solution |
Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released hotfixes to address this vulnerability. Users of series 6 of the software should apply hotfix 600-2, and users of series 5 should contact the vendor's technical support, as these hotfixes have been reported to address the issue.
|
|
Products |
FirePass: 5.0, 5.5.1, 6.0, 5.5.2, 5.4, 5.2.1
|
|
Credit |
- Michael Ligh - mnin.org
- Greg Sinclair - gssincla nnlsoftware.com
|