Vulnerability Name: CVE-2004-2760 (CCN-44280)
Assigned: 2004-04-12
Published: 2004-04-12
Updated: 2009-01-29
Summary: sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. Note: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
    5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
    4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-16
Vulnerability Consequences: Obtain Information
References:
    Source: BUGTRAQ Type: UNKNOWN 20040412 BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE)
    Source: CCN Type: BugTraq Mailing List, Mon, 12 Apr 2004 09:07:51 -0300 BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE)
    Source: CCN Type: Debian Bug report logs - #248747 sshd: no delay on successful root login with permitroot = no
    Source: MITRE Type: CNA CVE-2004-2760
    Source: SREASON Type: UNKNOWN 4100
    Source: CCN Type: OpenSSH Web site OpenSSH
    Source: BUGTRAQ Type: UNKNOWN 20040413 Re: Fwd: [BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE)]
    Source: CCN Type: BID-7482 OpenSSH Remote Root Authentication Timing Side-Channel Weakness
    Source: XF Type: UNKNOWN openssh-permitrootlogin-info-disclosure(44280)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable