SOL6876 - OpenSSH vulnerabilities CVE-2006-5052

This security advisory describes an OpenSSH vulnerability. OpenSSH versions previous to version 4.4, on platforms with GSSAPI enabled, allow remote attackers to determine the validity of usernames through a Generic Security Services Application Program Interface (GSSAPI) authentication abort response.

Important: F5 disables GSSAPI by default, although some third-party platforms have GSSAPI enabled.

The authentication abort response is issued when GSSAPI is enabled and a user attempts to log in a certain number of times using an incorrect password. Remote attackers can use thisauthentication abort response to validate whether the username exists on the system.

Information about this advisory is available at the following location:

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052&gt;

Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.