Описание
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | ignored | not security vulnerability |
| edgy | ignored | end of life |
| feisty | ignored | end of life |
| gutsy | ignored | end of life |
| upstream | needs-triage |
Показывать по
Ссылки на источники
5 Medium
CVSS2
Связанные уязвимости
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabl ...
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
5 Medium
CVSS2