CWE: NVD-CWE-Other

CVE-2005-2640

First published: Sat Aug 20 2005

Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.

Credit: cve@mitre.org

Affected software and versions (product=version):
Neoteris Instant Virtual Extranet=3.0
Neoteris Instant Virtual Extranet=3.1
Neoteris Instant Virtual Extranet=3.3.1
Neoteris Instant Virtual Extranet=3.3
Neoteris Instant Virtual Extranet=3.2
Juniper ScreenOS=2.6.1r2
Juniper ScreenOS=2.6.1r12
Juniper ScreenOS=3.1.0r10
Juniper ScreenOS=4.0.0r5
Juniper ScreenOS=4.0.0
Juniper ScreenOS=3.0.3r5
Juniper ScreenOS=2.6.1r1
Juniper ScreenOS=4.0.0r2
Juniper ScreenOS=4.0.0r7
Juniper ScreenOS=2.6.1r8
Juniper ScreenOS=1.66
Juniper ScreenOS=2.5
Juniper ScreenOS=2.7.1
Juniper ScreenOS=4.0.1r1
Juniper ScreenOS=3.0.1r3
Juniper ScreenOS=2.5r6
Juniper ScreenOS=3.0.3r2
Juniper ScreenOS=4.0.0r4
Juniper ScreenOS=4.0.1r8
Juniper ScreenOS=3.1.0r4
Juniper ScreenOS=3.1.0r8
Juniper ScreenOS=4.0.0r6
Juniper ScreenOS=2.6.1r6
Juniper ScreenOS=4.0.0r11
Juniper ScreenOS=4.0.1r2
Juniper ScreenOS=3.0.3r1
Juniper ScreenOS=3.1.0r3
Juniper ScreenOS=2.6.1r7
Juniper ScreenOS=4.0.3r3
Juniper ScreenOS=3.0.2
Netscreen Ns-50ns25=5.0.0_r6.0
Netscreen Ns-204=5.0.0_r6.0
Juniper ScreenOS=2.8_r1
Juniper ScreenOS=4.0.2
Juniper ScreenOS=4.0.0r1
Juniper ScreenOS=1.64
Juniper ScreenOS=3.1.0r12
Juniper ScreenOS=2.6.1r11
Juniper ScreenOS=2.8
Juniper ScreenOS=2.10_r4
Juniper ScreenOS=2.6.1
Juniper ScreenOS=3.0.3
Juniper ScreenOS=3.1.0r2
Juniper ScreenOS=3.0.1r7
Juniper ScreenOS=3.0.0r3
Juniper ScreenOS=3.0.0r1
Juniper ScreenOS=1.7
Netscreen Ns-500=4110.0_11_5.1.0_r3a
Juniper ScreenOS=3.0.3_r1.1
Juniper ScreenOS=3.1.1_r2
Juniper ScreenOS=3.0.1r2
Juniper ScreenOS=3.1.0r5
Juniper ScreenOS=2.5r2
Juniper ScreenOS=2.1
Juniper Networks NetScreen-IDP 100=3.0_.pe1.0
Juniper ScreenOS=3.0.3r4
Juniper ScreenOS=2.10_r3
Juniper ScreenOS=4.0.0r9
Juniper ScreenOS=4.0.3r2
Juniper ScreenOS=2.7.1r3
Netscreen Ns-204=0110.0_11_4.0_r10.0
Juniper ScreenOS=3.1.0r7
Juniper ScreenOS=4.0.3r4
Juniper ScreenOS=3.1.0r9
Juniper ScreenOS=3.0.1r5
Juniper ScreenOS=4.0.1r7
Juniper ScreenOS=3.0.3r6
Juniper ScreenOS=3.0.0
Juniper ScreenOS=5.2.0
Juniper ScreenOS=4.0.1r5
Netscreen Ns-500=4110.0_11_4.0_r10.0
Juniper ScreenOS=1.66_r2
Juniper ScreenOS=3.0.0r4
Juniper ScreenOS=3.0.3r7
Juniper ScreenOS=4.0.1r6
Juniper ScreenOS=4.0.3
Juniper ScreenOS=5.1.0r3a
Juniper ScreenOS=1.73_r2
Juniper ScreenOS=2.6.1r5
Juniper ScreenOS=3.1.0
Juniper ScreenOS=4.0.1
Juniper ScreenOS=4.0.3r1
Juniper ScreenOS=4.0.1r3
Juniper ScreenOS=2.5r1
Juniper ScreenOS=3.1.0r11
Juniper ScreenOS=2.1_r6
Juniper ScreenOS=2.7.1r1
Juniper ScreenOS=2.6.0
Juniper ScreenOS=3.0.3r3
Juniper ScreenOS=5.0.0
Juniper ScreenOS=4.0.0r10
Juniper ScreenOS=4.0.0r8
Juniper ScreenOS=3.1.0r6
Juniper ScreenOS=4.0.1r4
Juniper ScreenOS=2.6.1r10
Juniper ScreenOS=4.0.1r10
Juniper ScreenOS=2.6.1r9
Juniper ScreenOS=2.7.1r2
Juniper ScreenOS=4.0.0r12
Juniper ScreenOS=2.6.1r4
Juniper ScreenOS=3.1.0r1
Juniper ScreenOS=3.0.0r2
Juniper ScreenOS=3.0.1r4
Juniper ScreenOS=3.0.3r8
Juniper ScreenOS=1.73_r1
Juniper ScreenOS=3.0.1
Netscreen Ns-204=0110.0_11_5.1.0_r3a
Juniper ScreenOS=4.0.0r3
Juniper ScreenOS=2.1_r7
Juniper ScreenOS=2.6.1r3
Netscreen Ns-10
Juniper ScreenOS=5.1.0
Juniper ScreenOS=3.0.1r6
Juniper ScreenOS=2.0.1_r8
Juniper ScreenOS=4.0.1r9
Juniper ScreenOS=3.0.1r1
Juniper netscreen-idp 1000=3.0
Netscreen Netscreen-sa 5020 Series=4.2_r2.2
Juniper Networks NetScreen-IDP 100=3.0.1_r1
Juniper Networks IDP 500=3.0.1_r1
Juniper netscreen-idp 1000=3.0r1
Netscreen Netscreen-sa 5000 Series
Juniper netscreen-idp 1000=3.0r2
Juniper Netscreen-IDP 10=3.0.1_r1
Juniper Netscreen-5GT=5.0
Juniper netscreen-idp 1000=3.0.1_r1
Netscreen Netscreen-sa 5050 Series=4.2_r2.2

Frequently Asked Questions

  • What is the severity of CVE-2005-2640?

    CVE-2005-2640 is classified as a moderate severity vulnerability due to the potential for information disclosure.

  • How do I fix CVE-2005-2640?

    To fix CVE-2005-2640, upgrade Juniper Netscreen VPN running ScreenOS to version 5.2.1 or later.

  • What impact does CVE-2005-2640 have on my network?

    CVE-2005-2640 allows remote attackers to enumerate valid usernames, posing a risk of unauthorized access.

  • Which products are affected by CVE-2005-2640?

    CVE-2005-2640 affects Juniper Netscreen VPN devices running ScreenOS 5.2.0 and earlier.

  • Can CVE-2005-2640 be exploited remotely?

    Yes, CVE-2005-2640 can be exploited remotely if a vulnerable device is reachable over the network.
