Vulnerability Name:

CVE-2003-1562 (CCN-44279)

Assigned:2003-04-30
Published:2003-04-30
Updated:2022-12-13
Summary:
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Consequences:Other
References:Source: CCN
Type: BugTraq Mailing List, Wed Apr 30 2003 - 09:34:27 CDT
OpenSSH/PAM timing attack allows remote users identification

Source: CCN
Type: BugTraq Security Advisory, 30/04/2003
OpenSSH/PAM timing attack allows remote users identification

Source: CCN
Type: Debian Bug report logs - #248747
sshd: no delay on successful root login with permitroot = no

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: MITRE
Type: CNA
CVE-2003-1562

Source: CCN
Type: OpenSSH Web site
OpenSSH

Source: CCN
Type: OSVDB ID: 2109
OpenSSH sshd Root Login Timing Side-Channel Weakness

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: CCN
Type: BID-7482
OpenSSH Remote Root Authentication Timing Side-Channel Weakness

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: cve@mitre.org
Type: UNKNOWN
cve@mitre.org

Source: XF
Type: UNKNOWN
openssh-sshd-weak-security(44279)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:openbsd:openssh:2.1.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.5.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.4:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.5:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:3.6.1:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2.9.9:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.2:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.3:-:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:openbsd:openssh:2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    openbsd openssh 2.1.1
    openbsd openssh 2.3.1
    openbsd openssh 2.5.2
    openbsd openssh 2.5
    openbsd openssh 2.5.1
    openbsd openssh 2.9
    openbsd openssh 3.0
    openbsd openssh 3.2.2
    openbsd openssh 3.2.2p1
    openbsd openssh 3.4
    openbsd openssh 3.6.1p2
    openbsd openssh 2.9.9p2
    openbsd openssh 3.0p1
    openbsd openssh 3.0.1p1
    openbsd openssh 3.0.1
    openbsd openssh 3.0.2p1
    openbsd openssh 3.0.2
    openbsd openssh 3.1p1
    openbsd openssh 3.1
    openbsd openssh 3.2
    openbsd openssh 3.2.3p1
    openbsd openssh 3.3p1
    openbsd openssh 3.3
    openbsd openssh 3.5
    openbsd openssh 3.5p1
    openbsd openssh 3.6
    openbsd openssh 3.6.1p1
    openbsd openssh 3.6.1
    openbsd openssh 2.1
    openbsd openssh 2.2
    openbsd openssh 2.3
    openbsd openssh 2.9p2
    openbsd openssh 2.9p1
    openbsd openssh 2.9.9
    openbsd openssh 1.2.2
    openbsd openssh 1.2.3
    openbsd openssh 1.2.27
    openbsd openssh 1.2.1
    openbsd openssh 1.2
    openbsd openssh 1.3
    openbsd openssh 1.5
    openbsd openssh 1.5.7
    openbsd openssh 1.5.8
    openbsd openssh 2