CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
EPSS
Percentile
84.1%
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and
versions, and possibly under limited configurations, allows remote
attackers to determine valid usernames via timing discrepancies in which
responses take longer for valid usernames than invalid ones, as
demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue
is dependent on the use of manually-set passwords that causes delays when
processing /etc/shadow due to an increased number of rounds.
Author | Note |
---|---|
kees | up to administrators to resolve module usage |