ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ssh2 | Ssh | 2.0 (including) | 2.0 (including) |
Ssh2 | Ssh | 2.0.1 (including) | 2.0.1 (including) |
Ssh2 | Ssh | 2.0.2 (including) | 2.0.2 (including) |
Ssh2 | Ssh | 2.0.3 (including) | 2.0.3 (including) |
Ssh2 | Ssh | 2.0.4 (including) | 2.0.4 (including) |
Ssh2 | Ssh | 2.0.5 (including) | 2.0.5 (including) |
Ssh2 | Ssh | 2.0.6 (including) | 2.0.6 (including) |
Ssh2 | Ssh | 2.0.7 (including) | 2.0.7 (including) |
Ssh2 | Ssh | 2.0.8 (including) | 2.0.8 (including) |
Ssh2 | Ssh | 2.0.9 (including) | 2.0.9 (including) |
Ssh2 | Ssh | 2.0.10 (including) | 2.0.10 (including) |
Ssh2 | Ssh | 2.0.11 (including) | 2.0.11 (including) |
Ssh2 | Ssh | 2.0.12 (including) | 2.0.12 (including) |