logo
DATABASE RESOURCES PRICING ABOUT US

OpenSSH < 2.5.2 / 2.5.2p2 Multiple Information Disclosure Vulnerabilities

Description

According to its banner, the remote host appears to be running a version of OpenSSH earlier than 2.5.2 / 2.5.2p2. It, therefore, reportedly contains weaknesses in its implementation of the SSH protocol, both versions 1 and 2. These weaknesses could allow an attacker to sniff password lengths, and ranges of length (this could make brute-force password guessing easier), determine whether RSA or DSA authentication is being used, the number of authorized_keys in RSA authentication and/or the length of shell commands.


Related