CVE-2006-5229

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:18

Type Values Removed Values Added
References () http://secunia.com/advisories/25979 - Vendor Advisory () http://secunia.com/advisories/25979 - Vendor Advisory
References () http://www.osvdb.org/32721 - () http://www.osvdb.org/32721 -
References () http://www.securityfocus.com/archive/1/448025/100/0/threaded - () http://www.securityfocus.com/archive/1/448025/100/0/threaded -
References () http://www.securityfocus.com/archive/1/448108/100/0/threaded - () http://www.securityfocus.com/archive/1/448108/100/0/threaded -
References () http://www.securityfocus.com/archive/1/448156/100/0/threaded - () http://www.securityfocus.com/archive/1/448156/100/0/threaded -
References () http://www.securityfocus.com/archive/1/448702/100/0/threaded - () http://www.securityfocus.com/archive/1/448702/100/0/threaded -
References () http://www.securityfocus.com/bid/20418 - () http://www.securityfocus.com/bid/20418 -
References () http://www.sybsecurity.com/hack-proventia-1.pdf - () http://www.sybsecurity.com/hack-proventia-1.pdf -
References () http://www.vupen.com/english/advisories/2007/2545 - Vendor Advisory () http://www.vupen.com/english/advisories/2007/2545 - Vendor Advisory

Information

Published : 2006-10-10 23:07

Updated : 2024-11-21 00:18


NVD link : CVE-2006-5229

Mitre link : CVE-2006-5229

CVE.ORG link : CVE-2006-5229


JSON object : View

Products Affected

novell

  • suse_linux

openbsd

  • openssh
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor