CVE-2003-1562: Race Condition in OpenSSH

CWE-362: Race Condition | 7 documents | 7 sources
Severity: 7.6 HIGH (NVD) | CNA: 5.0 | OSV: 5.0
EPSS: 0.8% (top 25.87%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 31 | Latest update Apr 29

Description

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.

CVSS vector

AV:N/AC:H/C:C/I:C/A:C
Exploitability: 4.9 | Impact: 10.0

Affected Packages (2 packages)

Debian: openbsd/openssh < 1:3.8.1p1-8.sarge.4 (+3)
NVD: openbsd/openssh, 45 versions (+44)

Vulnerability Details (3)

GHSA: GHSA-49wx-627v-6mcq: sshd in OpenSSH 3 (2022-04-29)
CVEList: CVE-2003-1562: sshd in OpenSSH 3 (2008-08-04)
OSV: CVE-2003-1562: sshd in OpenSSH 3 (2003-12-31)

Vendor Advisories (2)

Red Hat: openssh information disclosure (2003-05-01)
Debian: CVE-2003-1562: openssh - sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using ... (2003)

Community (1)

Bugzilla: CVE-2003-1562 openssh information disclosure (2008-08-04)
CVE-2003-1562 — Race Condition in Openbsd Openssh | cvebase