CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:P/I:N/A:C
EPSS
Percentile
97.2%
The OpenSSH server, when keyboard-interactive challenge response authentication is enabled and PAM is being used (the default configuration in Mageia), can be tricked into allowing more password attempts than the MaxAuthTries setting would normally allow in one connection, which can aid an attacker in brute-force password guessing (CVE-2015-5600).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | openssh | < 6.2p2-3.4 | openssh-6.2p2-3.4.mga4 |
Mageia | 5 | noarch | openssh | < 6.6p1-5.3 | openssh-6.6p1-5.3.mga5 |