3 matches found
Design/Logic Flaw
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483...
CVE-2001-1483
CVE-2001-1483 affects OPIE (One-Time Passwords In Everything) versions 2.32 and 2.4. It permits remote attackers to determine whether a user account exists by observing how passphrases are printed: random passphrases if the account does not exist, static passphrases if it does. This is an informa...
CVE-2001-1483
One-Time Passwords In Everything a.k.a OPIE 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist...