CVE-1999-1029 - CVE Details

Description

SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs.

Severity

Overall Severity: N/A

CVSS Metrics

Type	Score	Severity	Vector

Affected Products

ssh - ssh2

Affected Versions:

ssh - ssh2

Affected Versions:

2.0.1

ssh - ssh2

Affected Versions:

2.0.2

ssh - ssh2

Affected Versions:

2.0.3

ssh - ssh2

Affected Versions:

2.0.4

ssh - ssh2

Affected Versions:

2.0.5

ssh - ssh2

Affected Versions:

2.0.6

ssh - ssh2

Affected Versions:

2.0.7

ssh - ssh2

Affected Versions:

2.0.8

ssh - ssh2

Affected Versions:

2.0.9

ssh - ssh2

Affected Versions:

2.0.10

ssh - ssh2

Affected Versions:

2.0.11

References

http://marc.info/?l=bugtraq&m=92663402004280&w=2
http://www.securityfocus.com/bid/277
PatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/2193
http://marc.info/?l=bugtraq&m=92663402004280&w=2
http://www.securityfocus.com/bid/277
PatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/2193