8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:P/I:N/A:C
0.164 Low
EPSS
Percentile
95.9%
The OpenSSH server, when keyboard-interactive challenge response authentication is enabled and PAM is being used (the default configuration in Mageia), can be tricked into allowing more password attempts than the MaxAuthTries setting would normally allow in one connection, which can aid an attacker in brute-force password guessing (CVE-2015-5600).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | openssh | < 6.2p2-3.4 | openssh-6.2p2-3.4.mga4 |
Mageia | 5 | noarch | openssh | < 6.6p1-5.3 | openssh-6.6p1-5.3.mga5 |