
3242 matches found

NVD
added 2003/12/31 5:0 a.m. · 23 views

CVE-2003-1562

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password...

7.6 CVSS · 9.5 AI score · 0.05573 EPSS
Exploits 0 · References 6

OSV
added 2003/12/31 5:0 a.m. · 2 views

DEBIAN-CVE-2003-1562

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password...

7.6 CVSS · 8.3 AI score · 0.05573 EPSS
Exploits 0 · References 1

Positive Technologies
added 2003/12/31 12:0 a.m. · 12 views

PT-2003-2507 · Openssh +1 · Openssh +1

Name of the Vulnerable Software and Affected Versions: OpenSSH versions 3.6.1p2 and earlier
Description: The issue allows remote attackers to potentially determine if the password step of a multi-step authentication is successful by using timing differences. This occurs when PermitRootLogin is...

10 CVSS · 8 AI score · 0.99506 EPSS
Exploits 207 · References 342

securityvulns
added 2003/08/20 12:0 a.m. · 28 views

Entropy sources information leakage

Entropy sources can be used for keystrokes timing attack...

2.2 AI score
Exploits 0 · References 1

NVD
added 2003/05/12 4:0 a.m. · 19 views

CVE-2003-0190

OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...

5 CVSS · 9.2 AI score · 0.76751 EPSS
Exploits 10 · References 10

OSV
added 2003/05/12 4:0 a.m. · 1 views

DEBIAN-CVE-2003-0190

OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...

5 CVSS · 9.2 AI score · 0.76751 EPSS
Exploits 10 · References 1

OSV
added 2003/05/12 4:0 a.m. · 11 views

CVE-2003-0190

OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...

6.3 AI score
Exploits 0 · References 13

Tenable Nessus
added 2003/05/06 12:0 a.m. · 272 views

OpenSSH w/ PAM Multiple Timing Attack Weaknesses

The remote host seems to be running an SSH server that could allow an attacker to determine the existence of a given login by comparing the time the remote sshd daemon takes to refuse a bad password for a nonexistent login compared to the time it takes to refuse a bad password for a valid login. ...

7.6 CVSS · 6.9 AI score · 0.76751 EPSS
Exploits 10 · References 2

securityvulns
added 2003/05/03 12:0 a.m. · 59 views

OpenSSH/PAM timing attack allows remote users identification

Security Advisory @ Mediaservice.net Srl 01, 30/04/2003 Data Security Division Title: OpenSSH/PAM timing attack allows remote users identification Application: OpenSSH-portable = 3.6.1p1 Platform: Linux, maybe others Description: A remote attacker can identify valid users on vulnerable systems, a...

5 CVSS · 6.7 AI score · 0.76751 EPSS
Exploits 10

exploitpack
added 2003/05/02 12:0 a.m. · 24 views

OpenSSHPAM 3.6.1p1 - gossh.sh Remote Users Ident

OpenSSHPAM 3.6.1p1 - gossh.sh Remote Users Ident !/bin/sh OpenSSH " exit 1 Verify the arguments. $ != 2 && usage Variables. USER="$1" HOST="$2" =-=-=-=-=-=-=-=-=-=-=-=-= Expect script functions =-=-=-=-=-=-=-=-=-=-=-=-= Expect script for password. expasswd cat expasswd spawn $SSHCMD expect...

7.5 AI score
Exploits 0

Cvelist
added 2003/05/02 12:0 a.m. · 26 views

CVE-2003-0190

OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...

9.2 AI score · 0.76751 EPSS
Exploits 10 · References 10

Debian CVE
added 2003/05/02 12:0 a.m. · 39 views

CVE-2003-0190

OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...

5 CVSS · 6.6 AI score · 0.76751 EPSS
Exploits 10

CVE
added 2003/05/02 12:0 a.m. · 286 views

CVE-2003-0190

CVE-2003-0190 affects OpenSSH-portable/OpenSSH 3.6.1p1 and earlier with PAM enabled. The vulnerability is a timing side-channel: when a login is attempted with a non-existent username, an error is returned immediately, allowing remote attackers to determine valid usernames. This is an information dis...

5 CVSS · 6.3 AI score · 0.76751 EPSS
Exploits 10 · References 10 · Affected Software 1

Positive Technologies
added 2003/05/02 12:0 a.m. · 9 views

PT-2003-1109 · Openssh +1 · Openssh-Portable +1

Name of the Vulnerable Software and Affected Versions: OpenSSH-portable versions 3.6.1p1 and earlier
Description: The issue allows remote attackers to determine valid usernames via a timing attack when a user does not exist, due to the immediate sending of an error message with PAM support enable...

10 CVSS · 7.6 AI score · 0.99506 EPSS
Exploits 207 · References 350

RedHat Linux
added 2003/04/01 3:50 p.m. · 7 views

Important: Red Hat Security Advisory: : Updated OpenSSL packages fix vulnerabilities

Updated OpenSSL packages are available that fix a potential timing-based attack and a modified Bleichenbacher attack. OpenSSL is a commercial-grade, full-featured, and open source toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a...

7.5 CVSS · 7.3 AI score · 0.06393 EPSS
Exploits 0 · References 3

RedHat Linux
added 2003/03/31 12:0 p.m. · 33 views

Important: Red Hat Security Advisory: openssl security update

Updated OpenSSL packages are available that fix a potential timing-based attack and a modified Bleichenbacher attack. Updated 30 May 2003: Added missing i686 packages. OpenSSL is a commercial-grade, full-featured, open source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport...

7.5 CVSS · 7.3 AI score · 0.06393 EPSS
Exploits 0 · References 4

NVD
added 2003/03/31 5:0 a.m. · 22 views

CVE-2003-0147

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms...

5 CVSS · 6.1 AI score · 0.06393 EPSS
Exploits 0 · References 21

OSV
added 2003/03/31 5:0 a.m. · 7 views

CVE-2003-0147

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms...

6.2 AI score
Exploits 0 · References 22

OSV
added 2003/03/31 5:0 a.m. · 1 views

DEBIAN-CVE-2003-0147

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms...

5 CVSS · 8.9 AI score · 0.06393 EPSS
Exploits 0 · References 1

RedHat Linux
added 2003/03/28 1:43 p.m. · 8 views

Important: Red Hat Security Advisory: apache, openssl security update for Stronghold

Updated versions of cross-platform Stronghold 4 are available to fix a number of vulnerabilities in OpenSSL and Apache. Stronghold 4 contains various open source technologies such as OpenSSL and Apache. A number of issues have been found in versions of these projects: Researchers discovered a...

7.5 CVSS · 7.3 AI score · 0.17413 EPSS
Exploits 8 · References 3