CVE-1999-1231

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 2.0.13, possibly including 2.0.12

Description The issue allows remote attackers to determine user account names on the server by exploiting a difference in password prompts for valid and invalid user names. A valid user name can attempt to enter the correct password multiple times, while an invalid user name is only prompted for a password once.

Recommendations For versions prior to 2.0.13, including 2.0.12, update to version 2.0.13 or later to resolve the issue.