CVE-2003-1562
N/A
N/A
Summary
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/archive/1/320153
- http://www.securityfocus.com/archive/1/320302
- http://www.securityfocus.com/bid/7482
- http://www.securityfocus.com/archive/1/320440
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
References
- http://www.securityfocus.com/archive/1/320153
- http://www.securityfocus.com/archive/1/320302
- http://www.securityfocus.com/bid/7482
- http://www.securityfocus.com/archive/1/320440
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.