CVE-2005-2666
published 2005-08-23CVE-2005-2666: SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file…
PriorityP412low1.2CVSS 2.0
AVLACHAuNCPINAN
EPSS
1.18%
63.7th percentile
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
Affected
35 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:4.0p1-1 (bookworm) | openssh 1:4.0p1-1 (bookworm) |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
CVSS provenance
nvdv2.01.2LOWAV:L/AC:H/Au:N/C:P/I:N/A:N
osv1.2LOW
vendor_debian1.2LOW
vendor_redhat1.2LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rfm3-rfv4-crj6: SSH, as implemented in OpenSSH before 4
ghsa_unreviewed·2022-05-03
CVE-2005-2666 [LOW] GHSA-rfm3-rfv4-crj6: SSH, as implemented in OpenSSH before 4
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
OSV
CVE-2005-2666: SSH, as implemented in OpenSSH before 4
osv·2005-08-23·CVSS 1.2
CVE-2005-2666 [LOW] CVE-2005-2666: SSH, as implemented in OpenSSH before 4
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
Red Hat
openssh vulnerable to known_hosts address harvesting
vendor_redhat·2005-07-07·CVSS 1.2
CVE-2005-2666 [LOW] openssh vulnerable to known_hosts address harvesting
openssh vulnerable to known_hosts address harvesting
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
Statement: The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
https://access.redhat.com/security/updates/classification/
Debian
CVE-2005-2666: openssh - SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, st...
vendor_debian·2005·CVSS 1.2
CVE-2005-2666 [LOW] CVE-2005-2666: openssh - SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, st...
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
Scope: local
bookworm: resolved (fixed in 1:4.0p1-1)
bullseye: resolved (fixed in 1:4.0p1-1)
forky: resolved (fixed in 1:4.0p1-1)
sid: resolved (fixed in 1:4.0p1-1)
trixie: resolved (fixed in 1:4.0p1-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2005-2666 openssh vulnerable to known_hosts address harvesting
bugzilla·2007-02-19·CVSS 1.2
CVE-2005-2666 [LOW] CVE-2005-2666 openssh vulnerable to known_hosts address harvesting
CVE-2005-2666 openssh vulnerable to known_hosts address harvesting
clone for rhel3/2.1
+++ This bug was initially created as a clone of Bug #162681 +++
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8)
Gecko/20050511 Firefox/1.0.4
Description of problem:
Portable OpenSSH versions less than 4.0p1 have known_hosts files that would
allow an attacker to find additional targets, because the host information
contained within them is listed in cleartext.
http://nms.csail.mit.edu/projects/ssh/
The OpenSSH server included in RHEL 3 and 4 do not currently have support for
the Hashed Host patches that would be needed to avoid exposing sensitive
information to a successful attacker.
The specific fix that the OpenSSH folks have devised for this is descri
Bugzilla
CVE-2005-2666 openssh vulnerable to known_hosts address harvesting
bugzilla·2005-07-07·CVSS 1.2
CVE-2005-2666 [LOW] CVE-2005-2666 openssh vulnerable to known_hosts address harvesting
CVE-2005-2666 openssh vulnerable to known_hosts address harvesting
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Description of problem:
Portable OpenSSH versions less than 4.0p1 have known_hosts files that would allow an attacker to find additional targets, because the host information contained within them is listed in cleartext.
http://nms.csail.mit.edu/projects/ssh/
The OpenSSH server included in RHEL 3 and 4 do not currently have support for the Hashed Host patches that would be needed to avoid exposing sensitive information to a successful attacker.
The specific fix that the OpenSSH folks have devised for this is described here:
http://nms.lcs.mit.edu/projects/ssh/README.hashed-hosts
A patch for OpenSSH
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txthttp://nms.csail.mit.edu/projects/ssh/http://secunia.com/advisories/19243http://secunia.com/advisories/25098http://www.eweek.com/article2/0%2C1759%2C1815795%2C00.asphttp://www.redhat.com/support/errata/RHSA-2007-0257.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10201ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txthttp://nms.csail.mit.edu/projects/ssh/http://secunia.com/advisories/19243http://secunia.com/advisories/25098http://www.eweek.com/article2/0%2C1759%2C1815795%2C00.asphttp://www.redhat.com/support/errata/RHSA-2007-0257.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10201
2005-08-23
Published