2.6

CVE-2006-5229

EPSS 37.83%
Veröffentlicht 10.10.2006 23:07:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime.  NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openbsd ≫ Openssh Version4.1

Novell ≫ Suse Linux

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	37.83%	0.971

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://secunia.com/advisories/25979

Vendor Advisory

http://www.osvdb.org/32721

http://www.securityfocus.com/archive/1/448025/100/0/threaded

http://www.securityfocus.com/archive/1/448108/100/0/threaded

http://www.securityfocus.com/archive/1/448156/100/0/threaded

http://www.securityfocus.com/archive/1/448702/100/0/threaded

http://www.securityfocus.com/bid/20418

http://www.sybsecurity.com/hack-proventia-1.pdf

http://www.vupen.com/english/advisories/2007/2545

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2006-5229

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-5229

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-5229

EUVD