OpenSSH < 4.1.0p2 / 4.2 Timing Attack

medium Nessus Network Monitor Plugin ID 3787

Synopsis

The remote host discloses information regarding the availability of user accounts.

Description

The remote host is running a version of OpenSSH that is affected by a flaw in the way it handles authentication requests. Specifically, OpenSSH is alleged to vary its response time based on the complexity (or availability) of the user's password: an account with no password elicits a quicker SSH response than an account with a defined password. An attacker exploiting this flaw would be able to determine which local accounts have passwords. This information would be useful in other, more complex attacks.

Note: NNM has solely relied on the banner of the SSH client to perform this check. Any backported patches or workarounds such as recompiling or edited configurations are not observable through the banner.
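A banner-only version check of the kind the note describes, written as an added example for triaging an inventory of collected banners; it is not NNM's plugin logic. The function names and sample banners are constructed, and treating 4.1p2 as equal to the page's "4.1.0p2" threshold is an assumption.

```python
import re

# RFC 4253 identification string: "SSH-protoversion-softwareversion SP comments"
BANNER_RE = re.compile(r"^SSH-[\d.]+-OpenSSH_(\d+(?:\.\d+)*)(?:p(\d+))?(.*)$")

def parse_openssh_banner(banner):
    """Return ((major, minor, patch), portable_level, suffix) or None."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    nums = [int(x) for x in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))          # pad so 4.1 and 4.1.0 compare equal
    portable = int(m.group(2)) if m.group(2) else None
    return tuple(nums[:3]), portable, m.group(3).strip()

def assess(banner):
    """Classify a banner against the advisory's fix levels (4.2 / 4.1.0p2).

    Returns (status, suffix). The suffix (e.g. a distro package tag) is kept
    because a flagged host with a vendor build may carry a backported patch
    that the banner cannot show; confirm against the package changelog.
    """
    parsed = parse_openssh_banner(banner)
    if parsed is None:
        return ("not-openssh", "")
    version, portable, suffix = parsed
    # Compare as integers: a string compare would rank "4.10" below "4.2".
    if version > (4, 1, 0):
        return ("not-flagged", suffix)
    if version == (4, 1, 0) and portable is not None and portable >= 2:
        return ("not-flagged", suffix)     # assumed mapping of 4.1.0p2
    return ("flagged", suffix)

if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        "SSH-2.0-OpenSSH_4.1p1 Debian-7",
        "SSH-1.99-OpenSSH_3.9p1",
        "SSH-2.0-OpenSSH_4.2",
        "SSH-2.0-OpenSSH_4.10p1",
        "SSH-2.0-dropbear_0.48",
    ]
    for b in samples:
        print(f"{b!r:40} -> {assess(b)}")
```

A "flagged" result means only that the advertised version is below the fix level; it says nothing about whether the host has been patched or reconfigured.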

Solution

Upgrade to version 4.2, 4.1.0p2 or higher.

See Also

http://www.securityfocus.com/bid/20418

Plugin Details

Severity: Medium

ID: 3787

Family: SSH

Published: 10/10/2006

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 3

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 4.1

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Reference Information

CVE: CVE-2006-5229

BID: 20418