Lucene search

[email protected]CVE-2001-1476

HistoryJan 18, 2001 - 5:00 a.m.

CVE-2001-1476

2001-01-1805:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

ssh

password security

remote attack

rc4 encryption

user session replay

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.3%

JSON

SSH before 2.0, with RC4 encryption and the “disallow NULL passwords” option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not.

CPENameOperatorVersion
ssh:sshssheq1.2.31
ssh:sshssheq1.2.24
ssh:sshssheq1.2.25
ssh:sshssheq1.2.30
ssh:sshssheq1.2.26
ssh:sshssheq1.2.27
ssh:sshssheq1.2.28
ssh:sshssheq1.2.29

CPE	Name	Operator	Version
ssh:ssh	ssh	eq	1.2.31
ssh:ssh	ssh	eq	1.2.24
ssh:ssh	ssh	eq	1.2.25
ssh:ssh	ssh	eq	1.2.30
ssh:ssh	ssh	eq	1.2.26
ssh:ssh	ssh	eq	1.2.27
ssh:ssh	ssh	eq	1.2.28
ssh:ssh	ssh	eq	1.2.29

References

www.kb.cert.org/vuls/id/565052

exchange.xforce.ibmcloud.com/vulnerabilities/6490

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.3%

JSON