CVE-2007-2243

Опубликовано: 25 апр. 2007

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*

cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00481

Низкий

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

CVE-2007-2243

ubuntu

больше 18 лет назад

CVE-2007-2243

debian

больше 18 лет назад

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabl ...

GHSA-p5mx-m79g-73hx

github

больше 3 лет назад

EPSS

Процентиль: 64%

0.00481

Низкий

5 Medium

CVSS2

Дефекты

CWE-287