CVE-2017-2659
5.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| [UNKNOWN] | dropbear | fixed in 2013.59 | affected |
Weaknesses
- CWE-209: CWE-209
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2659
- https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a#l1.86
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2659
- https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a#l1.86
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.