Businesses using Symantec's Enterprise Firewall have been warned of a new security risk that could enable a hacker to login to a company's network. NTA Monitor said that if the firewall is configured for remote access (client-to-gateway) virtual private network (VPN) using pre-shared key (PSK) authentication, it would respond differently to valid and invalid usernames.
It is also possible to use this vulnerability to enumerate valid users on the system, either by brute-force or by trying likely usernames, NTA Monitor warned.
Roy Hills, Technical Director at NTA Monitor, found the flaw andsaid, "There are two particularly interesting points to bear in mind when discussing this flaw - firstly, this type of flaw has been known about for almost 30 years and secondly, Symantec is not the only vendor to suffer from this problem." NTA Monitor said it has encountered a similar problem in equipment from Cisco and CheckPoint.
Symantec has issued an advisory and workaround on the flaw.