CVE-2006-5229

2006-10-10 23:07:00
CWE-200
web.nvd.nist.gov
openssh, timing discrepancies, username detection, suse linux, vulnerability, cve-2006-5229

AI Score: 5.7 Medium (Confidence: High)

CVSS2: 2.6 Low
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N

EPSS: 0.01 Low (Percentile: 83.7%)

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.

CPE: openbsd:openssh
Name: openbsd openssh
Operator: eq
Version: 4.1
