PT-2009-3807 · Pam Ssh · Pam Ssh

Kai Krakow

Published

2009-04-08

Updated

2009-05-13

CVE-2009-1273

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions pam ssh version 1.92

Description The issue allows remote attackers to enumerate usernames more easily due to different error messages generated for valid and invalid usernames.

Recommendations For pam ssh version 1.92, consider modifying the error message handling to prevent disclosure of username validity as a temporary workaround until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2009-1273

OPENSUSE-SU-2024:10464-1

Affected Products

Pam Ssh

PT-2009-3807 · Pam Ssh · Pam Ssh

CVE-2009-1273

Weakness Enumeration

Related Identifiers

Affected Products

References · 9