CVE-2001-0572 — Improper Control of Interaction Frequency in Openssh

5 documents5 sources

Severity

7.5HIGHNVD

EPSS

24.5%

top 3.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh SSH

Timeline

PublishedAug 22

Latest updateApr 30

Description

The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDopenbsd/openssh4.5

▶NVDssh/ssh8 versions+7

Patches

Patch: archives.neohapsis.com ↗Patch: www.linux-mandrake.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-m5hh-422h-x5pc: The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain↗2022-04-30

▶

CVEList

CVE-2001-0572: The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain↗2001-07-27

▶

📋Vendor Advisories

Red Hat

security flaw↗2001-03-18

▶

💬Community

Bugzilla

CVE-2001-0572 security flaw↗2018-08-16

▶