Lucene search

[email protected]CVE-2001-1476

HistoryApr 21, 2005 - 4:00 a.m.

CVE-2001-1476

2005-04-2104:00:00

[email protected]

web.nvd.nist.gov

cve

ssh

password security

remote attack

rc4 encryption

user session replay

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.6%

JSON

SSH before 2.0, with RC4 encryption and the “disallow NULL passwords” option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not.

Affected configurations

NVD

Node

sshsshMatch1.2.24

sshsshMatch1.2.25

sshsshMatch1.2.26

sshsshMatch1.2.27

sshsshMatch1.2.28

sshsshMatch1.2.29

sshsshMatch1.2.30

sshsshMatch1.2.31

CPENameOperatorVersion
ssh:sshssheq1.2.24
ssh:sshssheq1.2.25
ssh:sshssheq1.2.26
ssh:sshssheq1.2.27
ssh:sshssheq1.2.28
ssh:sshssheq1.2.29
ssh:sshssheq1.2.30
ssh:sshssheq1.2.31

CPE	Name	Operator	Version
ssh:ssh	ssh	eq	1.2.24
ssh:ssh	ssh	eq	1.2.25
ssh:ssh	ssh	eq	1.2.26
ssh:ssh	ssh	eq	1.2.27
ssh:ssh	ssh	eq	1.2.28
ssh:ssh	ssh	eq	1.2.29
ssh:ssh	ssh	eq	1.2.30
ssh:ssh	ssh	eq	1.2.31

References

www.kb.cert.org/vuls/id/565052

exchange.xforce.ibmcloud.com/vulnerabilities/6490

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.6%

JSON

Related for CVE-2001-1476

nvd1 cvelist1