CVE-1999-1231 — Ssh2 vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.8%

top 26.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SSH Ssh2

Timeline

PublishedJun 9

Latest updateApr 30

Description

ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDssh/ssh213 versions+12

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-7g97-5hq7-x7mm: ssh 2↗2022-04-30

▶

CVEList

CVE-1999-1231: ssh 2↗2001-09-12

▶