CVE-2001-1499 — Improper Control of Interaction Frequency in Checkpoint Vpn-1

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 28.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Checkpoint Vpn-1

Timeline

PublishedDec 31

Latest updateApr 30

Description

Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcheckpoint/vpn-14.1

🔴Vulnerability Details

GHSA

GHSA-939j-m4fh-6c8j: Check Point VPN-1 4↗2022-04-30

▶

CVEList

CVE-2001-1499: Check Point VPN-1 4↗2005-06-21

▶