CVE-2000-1037 Information

Description

Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords which allows remote attackers to determine valid usernames and guess a password via a brute force attack.

Reference

http://www.securityfocus.com/archive/1/76389 http://www.securityfocus.com/bid/1662