Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and 4.x, with LDAP authentication or NT domain authentication enabled, does not limit the number of times a bad password can be entered, which allows remote attackers to guess passwords via a brute force attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Juniper Neoteris IVE远程密码猜测攻击漏洞
Vulnerability Description
Juniper Neoteris IVE是可以通过标准WEB浏览器"无需客户端"访问内部网络的SSL VPN解决方案。 Juniper Neoteris IVE包含的changepassword.cgi存在问题,远程攻击者可以利用这个漏洞无限制地暴力猜测密码。 当用户密码过期并在后续继续尝试进行系统验证时,changepassword.cgi脚本没有对用户的访问进行限制和验证,此脚本允许用户尝试以过期的密码登录,并对验证尝试没有作任何限制。结果可导致拥有过期密码的合法用户帐户的远程用户可进行暴力猜测密码攻
CVSS Information
N/A
Vulnerability Type
N/A