SSH : Security Vulnerabilities, CVEs, Published In 1999 CVSS score >= 3
ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server.
Max CVSS
5.0
EPSS Score
0.24%
Published
1999-06-09
Updated
2017-12-19
SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs.
Max CVSS
7.5
EPSS Score
0.87%
Published
1999-05-13
Updated
2017-12-19
In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-01-01
Updated
2022-08-17
A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.
Max CVSS
10.0
EPSS Score
11.70%
Published
1999-01-01
Updated
2008-09-05
4 vulnerabilities found