OpenSSH-portable (OpenSSH) 3.6.1p1 and previous versions with PAM support enabled immediately sends an error message when a user does not exist, which allows remote malicious users to determine valid usernames via a timing attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openbsd openssh |
||
openbsd openssh 3.6.1 |
||
openpkg openpkg 1.3 |
||
openpkg openpkg 1.2 |
||
siemens scalance_x204rna_ecc_firmware |
||
siemens scalance_x204rna_firmware |