WatchGuard Firebox MS-CHAPv2 Authentication Remote User Enumeration Weakness

info
discussion
exploit
solution
references

WatchGuard Firebox MS-CHAPv2 Authentication Remote User Enumeration Weakness

WatchGuard Firebox is prone to a user-enumeration weakness.

An attacker may leverage this issue to harvest valid usernames, which may aid in brute-force attacks.

Versions prior to WatchGuard Firebox 10 are vulnerable.