CVE-2003-0190

EPSS 20.6%

發布日:2003/5/12修改日:2026/4/28

描述

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

受影響套件(1)

Debian/opensshfrom 0, < 1:3.8.1p1-8.sarge.4

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2003-0190