CVE-2003-0190

Openbsd Openssh < 3.6.1 - Information Disclosure

Title source: rule

Description

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

Exploits (3)

exploitdb SCANNER VERIFIED

by Nicolas Couture · bashremotelinux

https://www.exploit-db.com/exploits/26

View Code ZIP pw:eip

exploitdb SCANNER VERIFIED

by Maurizio Agazzini · cremotelinux

https://www.exploit-db.com/exploits/25

View Code ZIP pw:eip

exploitdb WORKING POC

shellremotemultiple

https://www.exploit-db.com/exploits/3303

View Code ZIP pw:eip

References (10)

[Broken Link] http://lab.mediaservice.net/advisory/2003-01-openssh.txt

[Broken Link] http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html

[Third Party Advisory] http://marc.info/?l=bugtraq&m=105172058404810&w=2

[Third Party Advisory] http://marc.info/?l=bugtraq&m=106018677302607&w=2

[Broken Link] http://www.redhat.com/support/errata/RHSA-2003-222.html

[Broken Link] http://www.redhat.com/support/errata/RHSA-2003-224.html

[Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/7467

[Broken Link] http://www.turbolinux.com/security/TLSA-2003-31.txt

[Third Party Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

[Broken Link] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445

Scores

EPSS 0.2058

EPSS Percentile 95.6%

Details

CWE

CWE-203

Status published

Products (6)

openbsd/openssh 3.6.1 p1

openbsd/openssh < 3.6.1

openpkg/openpkg 1.2

openpkg/openpkg 1.3

siemens/scalance_x204rna_ecc_firmware < 3.2.7

siemens/scalance_x204rna_firmware < 3.2.7

Published May 12, 2003

Tracked Since Feb 18, 2026