CVE-1999-1029Omission of Security-relevant Information in Ssh2

CWE-223Omission of Security-relevant InformationCWE-221Information Loss or Omission5 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 27.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SSH Ssh2
Timeline
PublishedMay 13
Latest updateApr 30

Description

SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDssh/ssh212 versions+11

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-6mfv-3x79-9r84: SSH server (sshd2) before 22022-04-30
CVEList
CVE-1999-1029: SSH server (sshd2) before 22001-09-12

📐Framework References

2
CWE
Omission of Security-relevant Information
CWE
Information Loss or Omission
CVE-1999-1029 — SSH Ssh2 vulnerability | cvebase