CVE-1999-1231 - CVE Details

Description

ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server.

Severity

Overall Severity: N/A

CVSS Metrics

Type	Score	Severity	Vector

Affected Products

ssh - ssh2

Affected Versions:

ssh - ssh2

Affected Versions:

2.0.1

ssh - ssh2

Affected Versions:

2.0.2

ssh - ssh2

Affected Versions:

2.0.3

ssh - ssh2

Affected Versions:

2.0.4

ssh - ssh2

Affected Versions:

2.0.5

ssh - ssh2

Affected Versions:

2.0.6

ssh - ssh2

Affected Versions:

2.0.7

ssh - ssh2

Affected Versions:

2.0.8

ssh - ssh2

Affected Versions:

2.0.9

ssh - ssh2

Affected Versions:

2.0.10

ssh - ssh2

Affected Versions:

2.0.11

ssh - ssh2

Affected Versions:

2.0.12

References

http://www.securityfocus.com/archive/1/14758
ExploitPatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/2276
http://www.securityfocus.com/archive/1/14758
ExploitPatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/2276