[Full-Disclosure] Nortel Networks Contivity VPN Client information leakage vulnerability

From: Network Intelligence (I) Pvt. Ltd. (info_at_nii.co.in)
Date: 11/10/04

    To: bugtraq@securityfocus.com, "full-disclosure@lists.netsys.com" <full-disclosure@lists.netsys.com>, "vulnwatch@vulnwatch.org" <vulnwatch@vulnwatch.org>
    Date: Wed, 10 Nov 2004 13:21:08 +0530
    
    

    Name: User Account Enumeration in Nortel Contivity VPN
    Vendor: Nortel Networks
    Products Affected: Nortel Networks Contivity VPN Client
    Type: Remote User Account Enumeration
    Severity: Medium

    I. Overview
    The Nortel Networks Contivity VPN Client authentication error message
    provides more information than is necessary, thus allowing an attacker
    to discover existing users on the system. This bug was discovered as
    part of a penetration test we carried out on the VPN server of a client.

    II. Description
    1. If a valid user name and an invalid password are given, the Contivity
    VPN Client displays "Login Failure due to: authentication failure".
    2. If an invalid user name is given, the Contivity VPN Client displays
    "Login Failed: Please verify the entered login information is correct".

    III. Impact
    The different error messages could enable a malicious person to guess
    valid user names on the Contivity VPN/Firewall, and then launch
    password-guessing attacks against these accounts.

    IV. Solution
    This issue is resolved in Contivity VPN Client for Windows V5.01_030.

    Refer to the CERT VU Note at
    http://www.kb.cert.org/vuls/id/830214 and our full advisory at
    http://www.nii.co.in/vuln/contivity.html
    for information about vendor response, applying the patches, and other
    technical details.

    V. About Network Intelligence India
    We're a leading provider of information security services and products.
    Our AuditPro suite of security assessment software provides
    comprehensive, policy-based security audits for Windows 2000, 2003, XP,
    Redhat Linux, Sun Solaris, Oracle and MS SQL Servers. For more
    information, visit us at http://www.nii.co.in

    **** Happy Diwali AND Eid Mubarak! ****

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

