CVE-2005-2666

SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.

Published : 2005-08-23 04:00 Updated : 2017-10-11 01:30

1.2
CVSS Score More info
Score 1.2 / 10
1.2
Vendor Product Version URI
Openbsd Openssh 3.8.1p1 cpe:/a:openbsd:openssh:3.8.1p1
Openbsd Openssh 3.5 cpe:/a:openbsd:openssh:3.5
Openbsd Openssh 3.6 cpe:/a:openbsd:openssh:3.6
Openbsd Openssh 3.3 cpe:/a:openbsd:openssh:3.3
Openbsd Openssh 3.4 cpe:/a:openbsd:openssh:3.4
Openbsd Openssh 3.9 cpe:/a:openbsd:openssh:3.9
Openbsd Openssh 3.7 cpe:/a:openbsd:openssh:3.7
Openbsd Openssh 3.8 cpe:/a:openbsd:openssh:3.8
Openbsd Openssh 3.1 cpe:/a:openbsd:openssh:3.1
Openbsd Openssh 3.2 cpe:/a:openbsd:openssh:3.2
Openbsd Openssh 3.6.1p1 cpe:/a:openbsd:openssh:3.6.1p1
Openbsd Openssh 3.0 cpe:/a:openbsd:openssh:3.0
Openbsd Openssh 3.0.2p1 cpe:/a:openbsd:openssh:3.0.2p1
Openbsd Openssh 3.0.1p1 cpe:/a:openbsd:openssh:3.0.1p1
Openbsd Openssh 3.8.1 cpe:/a:openbsd:openssh:3.8.1
Openbsd Openssh 3.4p1 cpe:/a:openbsd:openssh:3.4p1
Openbsd Openssh 3.0.1 cpe:/a:openbsd:openssh:3.0.1
Openbsd Openssh 3.5p1 cpe:/a:openbsd:openssh:3.5p1
Openbsd Openssh 3.9.1 cpe:/a:openbsd:openssh:3.9.1
Openbsd Openssh 3.6.1p2 cpe:/a:openbsd:openssh:3.6.1p2
Openbsd Openssh 3.9.1p1 cpe:/a:openbsd:openssh:3.9.1p1
Openbsd Openssh 3.7.1p2 cpe:/a:openbsd:openssh:3.7.1p2
Openbsd Openssh 3.6.1 cpe:/a:openbsd:openssh:3.6.1
Openbsd Openssh 3.0.2 cpe:/a:openbsd:openssh:3.0.2
Openbsd Openssh 3.3p1 cpe:/a:openbsd:openssh:3.3p1
Openbsd Openssh 3.7.1 cpe:/a:openbsd:openssh:3.7.1
Openbsd Openssh 3.0p1 cpe:/a:openbsd:openssh:3.0p1
Openbsd Openssh 3.1p1 cpe:/a:openbsd:openssh:3.1p1
Openbsd Openssh 3.2.2p1 cpe:/a:openbsd:openssh:3.2.2p1
Openbsd Openssh 3.2.3p1 cpe:/a:openbsd:openssh:3.2.3p1
  1. Openbsd (1) Search CVE
    1. Openssh (30) Search CVE
      1. 3.8.1p1
      2. 3.5
      3. 3.6
      4. 3.3
      5. 3.4
      6. 3.9
      7. 3.7
      8. 3.8
      9. 3.1
      10. 3.2
      11. 3.6.1p1
      12. 3.0
      13. 3.0.2p1
      14. 3.0.1p1
      15. 3.8.1
      16. 3.4p1
      17. 3.0.1
      18. 3.5p1
      19. 3.9.1
      20. 3.6.1p2
      21. 3.9.1p1
      22. 3.7.1p2
      23. 3.6.1
      24. 3.0.2
      25. 3.3p1
      26. 3.7.1
      27. 3.0p1
      28. 3.1p1
      29. 3.2.2p1
      30. 3.2.3p1

CWE

ID Name Description Links
CWE-255 Credentials Management Weaknesses in this category are related to the management of credentials. CVE

History of changes

Date Event
2005-08-23 04:00

New CVE