CVE-2003-0190

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

Published : 2003-05-12 04:00 Updated : 2017-10-11 01:29

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Openbsd Openssh 3.4p1 cpe:/a:openbsd:openssh:3.4p1
Openbsd Openssh 3.6.1p1 cpe:/a:openbsd:openssh:3.6.1p1
  1. Openbsd (1) Search CVE
    1. Openssh (2) Search CVE
      1. 3.4p1
      2. 3.6.1p1

CWE

There is no CWE for this CVE.

History of changes

Date Event
2003-05-12 04:00

New CVE