ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server.
Max CVSS
5.0
EPSS Score
0.24%
Published
1999-06-09
Updated
2017-12-19
SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs.
Max CVSS
7.5
EPSS Score
0.87%
Published
1999-05-13
Updated
2017-12-19
In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login.
Max CVSS
4.6
EPSS Score
0.04%
Published
1999-01-01
Updated
2022-08-17
A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.
Max CVSS
10.0
EPSS Score
11.70%
Published
1999-01-01
Updated
2008-09-05
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!