5
CVE-2009-1273
- EPSS 1.31%
- Veröffentlicht 08.04.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:55
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginpam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Andrew J.Korty ≫ Pam Ssh Version1.92
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.31% | 0.668 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
http://bugs.gentoo.org/show_bug.cgi?id=263579
http://secunia.com/advisories/34536
http://secunia.com/advisories/34986
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00116.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00145.html