CVE-2003-0190

Published: May 2, 2003

Modified: Aug 8, 2024

PUBLISHED

Description

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

RHSA-2003:222

vendor-advisory

20030430 OpenSSH/PAM timing attack allows remote users identification

mailing-list

7467

vdb-entry

20030806 [OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh)

mailing-list

RHSA-2003:224

vendor-advisory

oval:org.mitre.oval:def:445

vdb-entry

signature

http://lab.mediaservice.net/advisory/2003-01-openssh.txt

TLSA-2003-31

vendor-advisory

20030430 OpenSSH/PAM timing attack allows remote users identification

mailing-list

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2003-0190

Description

Affected Products

References