OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published: 2007-04-25T16:00:00
Updated: 2024-08-07T13:33:27.475Z
Reserved: 2007-04-25T00:00:00
Link: CVE-2007-2243

No data.

Status : Modified
Published: 2007-04-25T16:19:00.000
Modified: 2024-11-21T00:30:17.013
Link: CVE-2007-2243

No data.