2.6

CVE-2006-5229

EPSS 37.83%
Published 10.10.2006 23:07:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime.  NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Openbsd ≫ Openssh Version4.1

Novell ≫ Suse Linux

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	37.83%	0.971

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://secunia.com/advisories/25979

Vendor Advisory

http://www.osvdb.org/32721

http://www.securityfocus.com/archive/1/448025/100/0/threaded

http://www.securityfocus.com/archive/1/448108/100/0/threaded

http://www.securityfocus.com/archive/1/448156/100/0/threaded

http://www.securityfocus.com/archive/1/448702/100/0/threaded

http://www.securityfocus.com/bid/20418

http://www.sybsecurity.com/hack-proventia-1.pdf

http://www.vupen.com/english/advisories/2007/2545

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2006-5229

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-5229

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-5229

EUVD