Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2006-5229 | First vendor Publication | 2006-10-10 |
| Vendor | Cve | Last vendor Modification | 2018-10-17 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 2.6 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5229 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
ExploitDB Exploits
| id | Description |
|---|---|
| 2007-02-13 | Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 32721 | OpenSSH Username Password Complexity Account Enumeration OpenSSH, when deployed under specific but not fully researched conditions, is prone to a remote information disclosure weakness. The issue likely occurs when manually set shadowed passwords are used, which causes OpenSSH to spend extra time during the authentication sequence. This timing discrepancy can be used by a remote attacker to possibly determine which accounts are valid. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2011-08-29 | Name : The SSH service running on the remote host has an information disclosure vuln... File : sunssh_plaintext_recovery.nasl - Type : ACT_GATHER_INFO |
| 2006-09-28 | Name : The remote SSH server is affected by multiple vulnerabilities. File : openssh_44.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-02 01:05:05 |
|
| 2024-02-01 12:02:03 |
|
| 2023-09-05 12:04:45 |
|
| 2023-09-05 01:01:54 |
|
| 2023-09-02 12:04:49 |
|
| 2023-09-02 01:01:55 |
|
| 2023-08-12 12:05:41 |
|
| 2023-08-12 01:01:55 |
|
| 2023-08-11 12:04:54 |
|
| 2023-08-11 01:01:58 |
|
| 2023-08-06 12:04:38 |
|
| 2023-08-06 01:01:56 |
|
| 2023-08-04 12:04:44 |
|
| 2023-08-04 01:01:58 |
|
| 2023-07-14 12:04:42 |
|
| 2023-07-14 01:01:57 |
|
| 2023-03-29 01:05:07 |
|
| 2023-03-28 12:02:02 |
|
| 2022-10-11 12:04:10 |
|
| 2022-10-11 01:01:48 |
|
| 2020-07-25 12:02:13 |
|
| 2020-05-23 13:16:47 |
|
| 2020-05-23 00:18:30 |
|
| 2018-10-18 00:19:44 |
|
| 2016-06-28 15:58:44 |
|
| 2016-04-26 15:10:14 |
|
| 2016-03-01 00:23:18 |
|
| 2016-02-29 21:25:10 |
|
| 2014-04-23 17:19:37 |
|
| 2014-02-17 10:37:30 |
|
| 2013-05-11 11:11:23 |
|
