Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-20012

Опубликовано: 07 фев. 2016
Источник: redhat
CVSS3: 5.9
EPSS Средний

Описание

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product

Отчет

Although a CVE was assigned upstream and Red Hat doesn't consider it to be a security flaw and won't receive any patch, also the CVE was made as disputed by MITRE. Considering that Red Hat is closing this flaw as NOTABUG.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6opensshOut of support scope
Red Hat Enterprise Linux 7opensshOut of support scope
Red Hat Enterprise Linux 8opensshFix deferred
Red Hat Enterprise Linux 9opensshFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2048523openssh: Public key information leak

EPSS

Процентиль: 94%
0.14039
Средний

5.9 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2016-20012

CVSS3: 5.3
ubuntu
почти 4 года назад

** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product.

nvd логотип

CVE-2016-20012

CVSS3: 5.3
nvd
почти 4 года назад

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product

debian логотип

CVE-2016-20012

CVSS3: 5.3
debian
почти 4 года назад

OpenSSH through 8.7 allows remote attackers, who have a suspicion that ...

github логотип

GHSA-84j4-ccmw-hwpg

CVSS3: 5.3
github
около 3 лет назад

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session.

fstec логотип

BDU:2022-01880

CVSS3: 5.3
fstec
около 23 лет назад

Уязвимость средства криптографической защиты OpenSSH, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 94%
0.14039
Средний

5.9 Medium

CVSS3