CVE-2007-0195 - Vulnerability Details - OpenCVE

my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00703.

Key SSVC decision points have not yet been added.

Vendors	Products
F5	Firepass

Configuration 1 [-]

OR	cpe:2.3:h:f5:firepass:5.4:::::::*
	cpe:2.3:h:f5:firepass:5.4.1:::::::*
	cpe:2.3:h:f5:firepass:5.4.2:::::::*
	cpe:2.3:h:f5:firepass:5.4.3:::::::*
	cpe:2.3:h:f5:firepass:5.4.4:::::::*
	cpe:2.3:h:f5:firepass:5.4.5:::::::*
	cpe:2.3:h:f5:firepass:5.4.6:::::::*
	cpe:2.3:h:f5:firepass:5.4.7:::::::*
	cpe:2.3:h:f5:firepass:5.4.8:::::::*
	cpe:2.3:h:f5:firepass:5.4.9:::::::*
	cpe:2.3:h:f5:firepass:5.5:::::::*
	cpe:2.3:h:f5:firepass:5.5.1:::::::*
	cpe:2.3:h:f5:firepass:6.0:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2007-0197	my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html
http://secunia.com/advisories/23627
http://www.mnin.org/advisories/2007_firepass.pdf
http://www.osvdb.org/32736
http://www.securityfocus.com/bid/21957
https://tech.f5.com/home/solutions/sol6923.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-11T02:00:00

Updated: 2024-08-07T12:12:17.464Z

Reserved: 2007-01-10T00:00:00

Link: CVE-2007-0195

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-01-12T05:04:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0195

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-05T00:00:00", "descriptions": [{"lang": "en", "value": "my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-01-17T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tech.f5.com/home/solutions/sol6923.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.mnin.org/advisories/2007_firepass.pdf"}, {"name": "32736", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32736"}, {"name": "23627", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23627"}, {"name": "20070106 NNL-Labs & MNIN - F5 FirePass Security Advisory", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html"}, {"name": "21957", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21957"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0195", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://tech.f5.com/home/solutions/sol6923.html", "refsource": "CONFIRM", "url": "https://tech.f5.com/home/solutions/sol6923.html"}, {"name": "http://www.mnin.org/advisories/2007_firepass.pdf", "refsource": "MISC", "url": "http://www.mnin.org/advisories/2007_firepass.pdf"}, {"name": "32736", "refsource": "OSVDB", "url": "http://www.osvdb.org/32736"}, {"name": "23627", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23627"}, {"name": "20070106 NNL-Labs & MNIN - F5 FirePass Security Advisory", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html"}, {"name": "21957", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21957"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:12:17.464Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tech.f5.com/home/solutions/sol6923.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.mnin.org/advisories/2007_firepass.pdf"}, {"name": "32736", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/32736"}, {"name": "23627", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23627"}, {"name": "20070106 NNL-Labs & MNIN - F5 FirePass Security Advisory", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html"}, {"name": "21957", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21957"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0195", "datePublished": "2007-01-11T02:00:00", "dateReserved": "2007-01-10T00:00:00", "dateUpdated": "2024-08-07T12:12:17.464Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:f5:firepass:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "0D1F4903-B7FB-4F0E-A4F0-5BC813F5BA22", "vulnerable": true}, {"criteria": "cpe:2.3:h:f5:firepass:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD7A44F4-212D-445E-A283-8CC68C7415DE", "vulnerable": true}, {"criteria": "cpe:2.3:h:f5:firepass:5.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "8BEFC14C-CD35-43BD-BCC9-CD437DAC688D", "vulnerable": true}, {"criteria": "cpe:2.3:h:f5:firepass:5.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "DAE893BF-A7DA-4FEC-9290-0FD202EC0D8F", "vulnerable": true}, {"criteria": "cpe:2.3:h:f5:firepass:5.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "3347FD7A-49F6-464B-A3DA-4D9DD8B0955C", "vulnerable": true}, {"criteria": "cpe:2.3:h:f5:firepass:5.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "34DE479A-5D1B-4A21-94AE-D613BA9E6120", "vulnerable": true}, {"criteria": "cpe:2.3:h:f5:firepass:5.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "A9767F21-1539-4313-B2DA-2D368CADDA66", "vulnerable": true}, {"criteria": "cpe:2.3:h:f5:firepass:5.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "0286D438-6F1B-4D91-9A5B-CF12FEDDF427", "vulnerable": true}, {"criteria": "cpe:2.3:h:f5:firepass:5.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "0ADF9E53-79F7-4678-A599-20385EEF993C", "vulnerable": true}, {"criteria": "cpe:2.3:h:f5:firepass:5.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "E646309D-AAF0-48D7-B8FF-A57DFAADCF05", "vulnerable": true}, {"criteria": "cpe:2.3:h:f5:firepass:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "186F19A2-C1F4-4D87-828B-6825B89F9C9D", "vulnerable": true}, {"criteria": "cpe:2.3:h:f5:firepass:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "48D051A9-891E-4C1F-904C-058B37F95441", "vulnerable": true}, {"criteria": "cpe:2.3:h:f5:firepass:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "0BDC49A3-D95D-4DDA-AAFD-4C58C7BA5042", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account."}, {"lang": "es", "value": "my.activation.php3 en F5 FirePass 5.4 hasta 5.5.1 y 6.0 muestra distintos mensajes de error para intentos de autenticaci\u00f3n fallidos con nombre de usuario v\u00e1lido para aquellos con un nombre de usuario inv\u00e1lido, lo cual permite a atacantes remotos confirmar la validez de una cuenta LDAP."}], "id": "CVE-2007-0195", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-12T05:04:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23627"}, {"source": "cve@mitre.org", "url": "http://www.mnin.org/advisories/2007_firepass.pdf"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/32736"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21957"}, {"source": "cve@mitre.org", "url": "https://tech.f5.com/home/solutions/sol6923.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051651.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23627"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mnin.org/advisories/2007_firepass.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/32736"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21957"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://tech.f5.com/home/solutions/sol6923.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}