CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
92.9%
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.
Vendor | Product | Version | CPE |
---|---|---|---|
openbsd | openssh | 1.2 | cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:* |
openbsd | openssh | 1.2.1 | cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:* |
openbsd | openssh | 1.2.2 | cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:* |
openbsd | openssh | 1.2.3 | cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:* |
openbsd | openssh | 1.2.27 | cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:* |
openbsd | openssh | 1.3 | cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:* |
openbsd | openssh | 1.5 | cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:* |
openbsd | openssh | 1.5.7 | cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:* |
openbsd | openssh | 1.5.8 | cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:* |
openbsd | openssh | 2 | cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:* |