This script is Copyright (C) 2003-2016 Tenable Network Security, Inc.
It is possible to enumerate valid users on the remote host.
The remote host seems to be running an SSH server that could allow an
attacker to determine the existence of a given login by comparing the
time the remote sshd daemon takes to refuse a bad password for a
nonexistent login compared to the time it takes to refuse a bad
password for a valid login.
An attacker could use this flaw to set up a brute-force attack against
the remote host.
Disable PAM support if you do not use it, upgrade to the OpenSSH
version 3.6.1p2 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.8
Public Exploit Available : true
Nessus Plugin ID: 11574 ()
Bugtraq ID: 73427467748211781
CVE ID: CVE-2003-0190CVE-2003-1562
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.