CVE-2013-4434 - OpenCVE

Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dropbear Ssh Project	Dropbear Ssh

Configuration 1 [-]

cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-updates/2013-10/msg00061.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html
http://secunia.com/advisories/55173
http://www.openwall.com/lists/oss-security/2013/10/16/11
http://www.securityfocus.com/bid/62993
https://matt.ucc.asn.au/dropbear/CHANGES
https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a
https://support.citrix.com/article/CTX216642

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-10-25T23:00:00

Updated: 2024-08-06T16:45:14.079Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4434

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-10-25T23:55:03.957

Modified: 2018-10-30T16:28:04.297

Link: CVE-2013-4434

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-26T00:00:00", "descriptions": [{"lang": "en", "value": "Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-14T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "55173", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55173"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://matt.ucc.asn.au/dropbear/CHANGES"}, {"name": "62993", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/62993"}, {"name": "[oss-security] 20131015 Re: CVE Request: dropbear sshd daemon 2013.59 release", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/10/16/11"}, {"name": "openSUSE-SU-2013:1696", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.citrix.com/article/CTX216642"}, {"name": "openSUSE-SU-2013:1616", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00061.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4434", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "55173", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55173"}, {"name": "https://matt.ucc.asn.au/dropbear/CHANGES", "refsource": "CONFIRM", "url": "https://matt.ucc.asn.au/dropbear/CHANGES"}, {"name": "62993", "refsource": "BID", "url": "http://www.securityfocus.com/bid/62993"}, {"name": "[oss-security] 20131015 Re: CVE Request: dropbear sshd daemon 2013.59 release", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/10/16/11"}, {"name": "openSUSE-SU-2013:1696", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html"}, {"name": "https://support.citrix.com/article/CTX216642", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX216642"}, {"name": "openSUSE-SU-2013:1616", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00061.html"}, {"name": "https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a", "refsource": "CONFIRM", "url": "https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:45:14.079Z"}, "title": "CVE Program Container", "references": [{"name": "55173", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55173"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://matt.ucc.asn.au/dropbear/CHANGES"}, {"name": "62993", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/62993"}, {"name": "[oss-security] 20131015 Re: CVE Request: dropbear sshd daemon 2013.59 release", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/10/16/11"}, {"name": "openSUSE-SU-2013:1696", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.citrix.com/article/CTX216642"}, {"name": "openSUSE-SU-2013:1616", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00061.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4434", "datePublished": "2013-10-25T23:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:14.079Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBC6AE23-FAEA-491F-806C-8D634FA765B0", "versionEndExcluding": "2013.59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames."}, {"lang": "es", "value": "Dropbear SSH Server anterior a 2013.59 genera mensajes de error durante un intento de inicio de sesi\u00f3n fallido con diferentes retardos de tiempo en funci\u00f3n de si existe la cuenta de usuario, lo que permite a atacantes remotos para descubrir los nombres de usuario v\u00e1lidos."}], "id": "CVE-2013-4434", "lastModified": "2018-10-30T16:28:04.297", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-25T23:55:03.957", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00061.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/55173"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2013/10/16/11"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/62993"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://matt.ucc.asn.au/dropbear/CHANGES"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.citrix.com/article/CTX216642"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}