Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2006-5229 | First vendor Publication | 2006-10-10 |
Vendor | Cve | Last vendor Modification | 2018-10-17 |
Security-Database Scoring CVSS v3
CVSS vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
CVSS vector : (AV:N/AC:H/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
CVSS Base Score | 2.6 | Attack Range | Network |
CVSS Impact Score | 2.9 | Attack Complexity | High |
CVSS Exploit Score | 4.9 | Authentication | None Required |
Detail
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.
Original Source
URL : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5229
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
ExploitDB Exploits
id | Description |
---|---|
2007-02-13 | Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
32721 | OpenSSH Username Password Complexity Account Enumeration: OpenSSH, when deployed under specific but not fully researched conditions, is prone to a remote information disclosure weakness. The issue likely occurs when manually set shadowed passwords are used, which causes OpenSSH to spend extra time during the authentication sequence. This timing discrepancy can be used by a remote attacker to possibly determine which accounts are valid. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-08-29 | Name : The SSH service running on the remote host has an information disclosure vuln... File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO |
2006-09-28 | Name : The remote SSH server is affected by multiple vulnerabilities. File : openssh_44.nasl - Type : ACT_GATHER_INFO |