CVE-2010-4478

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.

Published : 2010-12-06 22:30 Updated : 2017-09-19 01:31

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Openbsd Openssh 1.5.8 cpe:/a:openbsd:openssh:1.5.8
Openbsd Openssh 3.5 cpe:/a:openbsd:openssh:3.5
Openbsd Openssh 5.3 cpe:/a:openbsd:openssh:5.3
Openbsd Openssh 3.6 cpe:/a:openbsd:openssh:3.6
Openbsd Openssh 5.4 cpe:/a:openbsd:openssh:5.4
Openbsd Openssh 1.2.27 cpe:/a:openbsd:openssh:1.2.27
Openbsd Openssh 1.5 cpe:/a:openbsd:openssh:1.5
Openbsd Openssh 3.3 cpe:/a:openbsd:openssh:3.3
Openbsd Openssh 5.1 cpe:/a:openbsd:openssh:5.1
Openbsd Openssh 3.4 cpe:/a:openbsd:openssh:3.4
Openbsd Openssh 5.2 cpe:/a:openbsd:openssh:5.2
Openbsd Openssh 3.9 cpe:/a:openbsd:openssh:3.9
Openbsd Openssh 3.7 cpe:/a:openbsd:openssh:3.7
Openbsd Openssh 5.5 cpe:/a:openbsd:openssh:5.5
Openbsd Openssh 3.8 cpe:/a:openbsd:openssh:3.8
Openbsd Openssh 5.6 cpe:/a:openbsd:openssh:5.6
Openbsd Openssh 1.3 cpe:/a:openbsd:openssh:1.3
Openbsd Openssh 3.1 cpe:/a:openbsd:openssh:3.1
Openbsd Openssh 3.2 cpe:/a:openbsd:openssh:3.2
Openbsd Openssh 3.6.1p1 cpe:/a:openbsd:openssh:3.6.1p1
Openbsd Openssh 5.0 cpe:/a:openbsd:openssh:5.0
Openbsd Openssh 1.2 cpe:/a:openbsd:openssh:1.2
Openbsd Openssh 2.1.1 cpe:/a:openbsd:openssh:2.1.1
Openbsd Openssh 3.0 cpe:/a:openbsd:openssh:3.0
Openbsd Openssh 2.3.1 cpe:/a:openbsd:openssh:2.3.1
Openbsd Openssh 3.0.2p1 cpe:/a:openbsd:openssh:3.0.2p1
Openbsd Openssh 2.5.1 cpe:/a:openbsd:openssh:2.5.1
Openbsd Openssh 2.9p2 cpe:/a:openbsd:openssh:2.9p2
Openbsd Openssh 2.9p1 cpe:/a:openbsd:openssh:2.9p1
Openbsd Openssh 3.8.1 cpe:/a:openbsd:openssh:3.8.1
Openbsd Openssh 2.5.2 cpe:/a:openbsd:openssh:2.5.2
Openbsd Openssh 3.4p1 cpe:/a:openbsd:openssh:3.4p1
Openbsd Openssh 3.0.1 cpe:/a:openbsd:openssh:3.0.1
Openbsd Openssh 3.2.2 cpe:/a:openbsd:openssh:3.2.2
Openbsd Openssh 2.9.9 cpe:/a:openbsd:openssh:2.9.9
Openbsd Openssh 3.6.1p2 cpe:/a:openbsd:openssh:3.6.1p2
Openbsd Openssh 4.2p1 cpe:/a:openbsd:openssh:4.2p1
Openbsd Openssh 4.4p1 cpe:/a:openbsd:openssh:4.4p1
Openbsd Openssh 3.6.1 cpe:/a:openbsd:openssh:3.6.1
Openbsd Openssh 3.0.2 cpe:/a:openbsd:openssh:3.0.2
Openbsd Openssh 2.9.9p2 cpe:/a:openbsd:openssh:2.9.9p2
Openbsd Openssh 3.0p1 cpe:/a:openbsd:openssh:3.0p1
Openbsd Openssh 1.5.7 cpe:/a:openbsd:openssh:1.5.7
Openbsd Openssh 3.2.3p1 cpe:/a:openbsd:openssh:3.2.3p1
Openbsd Openssh 4.0p1 cpe:/a:openbsd:openssh:4.0p1
Openbsd Openssh 3.8.1p1 cpe:/a:openbsd:openssh:3.8.1p1
Openbsd Openssh 4.4 cpe:/a:openbsd:openssh:4.4
Openbsd Openssh 4.5 cpe:/a:openbsd:openssh:4.5
Openbsd Openssh 4.2 cpe:/a:openbsd:openssh:4.2
Openbsd Openssh 2.5 cpe:/a:openbsd:openssh:2.5
Openbsd Openssh 4.3 cpe:/a:openbsd:openssh:4.3
Openbsd Openssh 4.8 cpe:/a:openbsd:openssh:4.8
Openbsd Openssh 4.9 cpe:/a:openbsd:openssh:4.9
Openbsd Openssh 4.6 cpe:/a:openbsd:openssh:4.6
Openbsd Openssh 2.9 cpe:/a:openbsd:openssh:2.9
Openbsd Openssh 4.7 cpe:/a:openbsd:openssh:4.7
Openbsd Openssh 2.2 cpe:/a:openbsd:openssh:2.2
Openbsd Openssh 4.0 cpe:/a:openbsd:openssh:4.0
Openbsd Openssh 2.3 cpe:/a:openbsd:openssh:2.3
Openbsd Openssh 4.1 cpe:/a:openbsd:openssh:4.1
Openbsd Openssh 2.1 cpe:/a:openbsd:openssh:2.1
Openbsd Openssh 3.7.1p1 cpe:/a:openbsd:openssh:3.7.1p1
Openbsd Openssh 3.0.1p1 cpe:/a:openbsd:openssh:3.0.1p1
Openbsd Openssh 3.5p1 cpe:/a:openbsd:openssh:3.5p1
Openbsd Openssh 3.9.1 cpe:/a:openbsd:openssh:3.9.1
Openbsd Openssh 4.7p1 cpe:/a:openbsd:openssh:4.7p1
Openbsd Openssh 3.9.1p1 cpe:/a:openbsd:openssh:3.9.1p1
Openbsd Openssh 4.1p1 cpe:/a:openbsd:openssh:4.1p1
Openbsd Openssh 4.3p2 cpe:/a:openbsd:openssh:4.3p2
Openbsd Openssh 3.7.1p2 cpe:/a:openbsd:openssh:3.7.1p2
Openbsd Openssh 4.3p1 cpe:/a:openbsd:openssh:4.3p1
Openbsd Openssh 3.3p1 cpe:/a:openbsd:openssh:3.3p1
Openbsd Openssh 3.7.1 cpe:/a:openbsd:openssh:3.7.1
Openbsd Openssh 1.2.2 cpe:/a:openbsd:openssh:1.2.2
Openbsd Openssh 3.1p1 cpe:/a:openbsd:openssh:3.1p1
Openbsd Openssh 3.2.2p1 cpe:/a:openbsd:openssh:3.2.2p1
Openbsd Openssh 1.2.3 cpe:/a:openbsd:openssh:1.2.3
Openbsd Openssh 1.2.1 cpe:/a:openbsd:openssh:1.2.1
  1. Openbsd (1) Search CVE
    1. Openssh (78) Search CVE
      1. 1.5.8
      2. 3.5
      3. 5.3
      4. 3.6
      5. 5.4
      6. 1.2.27
      7. 1.5
      8. 3.3
      9. 5.1
      10. 3.4
      11. 5.2
      12. 3.9
      13. 3.7
      14. 5.5
      15. 3.8
      16. 5.6
      17. 1.3
      18. 3.1
      19. 3.2
      20. 3.6.1p1
      21. 5.0
      22. 1.2
      23. 2.1.1
      24. 3.0
      25. 2.3.1
      26. 3.0.2p1
      27. 2.5.1
      28. 2.9p2
      29. 2.9p1
      30. 3.8.1
      31. 2.5.2
      32. 3.4p1
      33. 3.0.1
      34. 3.2.2
      35. 2.9.9
      36. 3.6.1p2
      37. 4.2p1
      38. 4.4p1
      39. 3.6.1
      40. 3.0.2
      41. 2.9.9p2
      42. 3.0p1
      43. 1.5.7
      44. 3.2.3p1
      45. 4.0p1
      46. 3.8.1p1
      47. 4.4
      48. 4.5
      49. 4.2
      50. 2.5
      51. 4.3
      52. 4.8
      53. 4.9
      54. 4.6
      55. 2.9
      56. 4.7
      57. 2.2
      58. 4.0
      59. 2.3
      60. 4.1
      61. 2.1
      62. 3.7.1p1
      63. 3.0.1p1
      64. 3.5p1
      65. 3.9.1
      66. 4.7p1
      67. 3.9.1p1
      68. 4.1p1
      69. 4.3p2
      70. 3.7.1p2
      71. 4.3p1
      72. 3.3p1
      73. 3.7.1
      74. 1.2.2
      75. 3.1p1
      76. 3.2.2p1
      77. 1.2.3
      78. 1.2.1

CWE

ID Name Description Links
CWE-287 Improper Authentication When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. CVE

History of changes

Date Event
2010-12-06 22:30

New CVE