[原文]Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks.
使用SecuRemote的Check Point VPN-1 4.1SP4版本对于有效和无效的用户返回不同的出错消息，提示的变化取决于被使用的认证方法，远程攻击者可以借助该漏洞更容易地进行蛮力攻击。
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org .
Check Point VPN-1 SecuRemote Error Message Account Enumeration
Remote / Network Access
Loss of Confidentiality
Check Point VPN-1 SecuRemote contains a flaw related to the user validation process that may allow an attacker to guess existing usernames : A failed login due to an incorrect username or password will result in different responses.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.