Andrew J.korty : Security Vulnerabilities, CVEs, CVSS score >= 4
pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.
Max CVSS
5.0
EPSS Score
1.06%
Published
2009-04-08
Updated
2009-05-13
1 vulnerabilities found