PT-1999-1616 · Openssh · Openssh

Published

1999-06-09

Updated

2017-12-19

CVE-1999-1231

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 2.0.13, possibly including 2.0.12

Description The issue allows remote attackers to determine user account names on the server by exploiting a difference in password prompts for valid and invalid user names. A valid user name can attempt to enter the correct password multiple times, while an invalid user name is only prompted for a password once.

Recommendations For versions prior to 2.0.13, including 2.0.12, update to version 2.0.13 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-1999-1231

Affected Products

Openssh

PT-1999-1616 · Openssh · Openssh

CVE-1999-1231

Related Identifiers

Affected Products

References · 3