CVE-2001-1499

critical

Description

Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/7343

http://www.securityfocus.com/bid/3470

http://www.securityfocus.com/archive/1/222479

http://www.securityfocus.com/archive/1/222366

http://www.osvdb.org/20210

Details

Source: Mitre, NVD

Published: 2001-12-31

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00698