CVE-2013-4434

Published: 25/10/2013 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Dropbear SSH Server prior to 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote malicious users to discover valid usernames.

Vulnerable Product

dropbear ssh project dropbear ssh

Vendor Advisories

Debian Bug report logs - #726118 dropbear: CVE-2013-4434: Avoid disclosing existence of valid users through inconsistent delays. Package: dropbear; Maintainer for dropbear is Guilhem Moulin <guilhem@debian.org>; Source for dropbear is src:dropbear (PTS, buildd, popcon). Reported by: Henri Salo <henri@nerv.fi> Date: Sat ...
Description of Problem: A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler-based hardware appliances: Citrix NetScaler Application Delivery Controller (ADC), Citrix NetScaler Gateway, Citrix NetScaler Service Delivery Appliance, Citrix CloudBridge (now NetScaler S ...

Github Repositories

Dropbear user enumeration (CVE-2013-4434) PoC

Dropbear_CVE-2013-4434: dropbear_CVE-2013-4434.sh. This script checks for [CVE-2013-4434] (cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4434). Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames.