[原文]The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall.
Check Point FireWall-1 Valid Username Information Disclosure
Remote / Network Access
Loss of Confidentiality
FireWall-1 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker supplies a login name, which will disclose the validity of the account resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.