| Title | Published | Views | Family |
|---|---|---|---|
| OpenSSH < 4.7 Trusted X11 Cookie Connection Policy Bypass | 11 Sep 2007 00:00 | – | nessus |
| OpenSSH < 4.7 Trusted X11 Cookie Connection Policy Bypass | 4 Oct 2011 00:00 | – | nessus |
| OpenSSH S/KEY Authentication Account Enumeration | 18 Nov 2011 00:00 | – | nessus |
| SunSSH < 1.1.1 / 1.3 CBC Plaintext Disclosure | 29 Aug 2011 00:00 | – | nessus |
| Linux Distros Unpatched Vulnerability : CVE-2007-2243 | 24 Aug 2025 00:00 | – | nessus |
| Security Bulletin: Astronomer with IBM is vulnerable to several issues due to open source packages | 19 Nov 2025 14:30 | – | ibm |
| Security Bulletin: Astronomer with IBM is vulnerable to several issues due to open source packages | 28 Nov 2025 19:13 | – | ibm |
| Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs | 30 Dec 2022 18:03 | – | avleonov |
| CVE-2007-2243 | 17 Aug 2025 02:42 | – | circl |
| CVE-2007-2243 | 25 Apr 2007 16:00 | – | cve |
`
Helith - 0815
--------------------------------------------------------------------------------
Author : Rembrandt
Date : 2007-04-21
Affected Software: openssh (probably other implementations as well)
Affected OS : any
Type : Information Disclosure
OSVDB : 34600
CVE : 2007-2243
ISS X-Force : 33794
BID : 23601
OpenSSH, when configured to use S/KEY authentication, is prone to a remote
information disclosure weakness. The issue occurs due to the S/KEY
challenge/response system being used for valid accounts. If a remote attacker
systematically attempts authentication against a list of usernames, he can watch
the response to determine which accounts are valid.
If "ChallengeResponseAuthentication" is set to "Yes", which is the default
setting, OpenSSH allows the user to login by using S/KEY in the form of
'ssh userid:skey@hostname'.
Steps to reproduce:
$ ssh user@somewhere
Permission denied (publickey,keyboard-interactive).
$ ssh user:skey@somewhere
otp-md5 99 some04578
S/Key Password:
$
If the user account exists but is not configured to use S/KEY, or if the
user account does not exist on the specific system, the response looks normal.
$ ssh testuser:skey@somewhere
Permission denied (publickey,keyboard-interactive).
As you can see clearly OpenSSH discloses the existence of system accounts.
Kind regards,
Rembrandt
`
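To check whether a host meets the precondition the advisory names, the following added example (not part of the original advisory or of OpenSSH) audits sshd_config text for "ChallengeResponseAuthentication". The sample config is constructed, and treating KbdInteractiveAuthentication as the same setting is an assumption that holds for OpenSSH 8.7 and later.

```python
SAMPLE_CONFIG = """\
# constructed sample sshd_config, not taken from the advisory
Port 22
challengeresponseauthentication no
ChallengeResponseAuthentication yes
Match Address 10.0.0.0/8
    ChallengeResponseAuthentication yes
Match User backup
    PasswordAuthentication no
"""

# Keyword named in the advisory, plus its newer name (assumption: OpenSSH 8.7+
# treats the two as aliases).
KEYWORDS = {"challengeresponseauthentication", "kbdinteractiveauthentication"}
DEFAULT = "yes"  # the advisory states that "Yes" is the default


def audit_challenge_response(config_text):
    """Return (global_value, {match_criteria: value}) for sshd_config text."""
    global_value, match_values, scope = None, {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if keyword == "match":
            scope = arg  # a Match block runs until the next Match line
        elif keyword in KEYWORDS:
            if scope is None:
                # sshd keeps the first value it reads; later duplicates lose
                global_value = global_value or arg.lower()
            else:
                match_values.setdefault(scope, arg.lower())
    return global_value or DEFAULT, match_values


def exposed_scopes(config_text):
    """List the scopes in which challenge-response authentication is on."""
    global_value, match_values = audit_challenge_response(config_text)
    scopes = ["global"] if global_value == "yes" else []
    scopes += [f"Match {c}" for c, v in match_values.items() if v == "yes"]
    return scopes


if __name__ == "__main__":
    print(exposed_scopes(SAMPLE_CONFIG))
```

A Match block that does not set the keyword inherits the global value; the audit reports only the scopes that set it explicitly, plus the global section.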