Ubuntu Security Notice (C) 2004-2016 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related
@Mediaservice.net discovered two information leaks in the OpenSSH
server. When using password authentication, an attacker could test
whether a login name exists by measuring the time between failed login
attempts, i.e. the time after which the 'password:' prompt appears
A similar issue affects systems which do not allow root logins over
ssh ('PermitRootLogin no'). By measuring the time between login
attempts an attacker could check whether a given root password is
correct. This allowed determining weak root passwords using a brute
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Update the affected packages.
Risk factor: Medium / CVSS Base Score: 5.0
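The two leaks described above share one cause: the server does a different amount of work depending on whether the login name exists or whether root is allowed to log in. The sketch below is an added example, not OpenSSH code and not the fix shipped in the updated packages. It shows a password check that performs the same key-derivation work on every path, so the outcome cannot be read from how long a failure takes. The user table, `check_login`, `kdf_cost` and the `PERMIT_ROOT_LOGIN` flag are hypothetical names chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000          # assumed cost parameter for this sketch
PERMIT_ROOT_LOGIN = False    # stands in for 'PermitRootLogin no'
kdf_calls = 0                # instrumentation: counts expensive operations


def _kdf(password: str, salt: bytes) -> bytes:
    """The expensive step whose duration an observer could measure."""
    global kdf_calls
    kdf_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str):
    salt = os.urandom(16)
    return salt, _kdf(password, salt)


# Constructed sample accounts (not from the advisory).
USERS = {"alice": make_record("correct horse"), "root": make_record("sample-root-pw")}
# Record used for unknown names so they cost the same as real ones.
DUMMY = make_record(os.urandom(16).hex())


def check_login(user: str, password: str) -> bool:
    """Accept only a known, permitted user with the right password.

    The hash is always computed and compared before the policy decision
    is applied, so every failure path does identical work.
    """
    salt, expected = USERS.get(user, DUMMY)
    match = hmac.compare_digest(_kdf(password, salt), expected)
    known = user in USERS
    allowed = PERMIT_ROOT_LOGIN or user != "root"
    return match and known and allowed


def kdf_cost(user: str, password: str):
    """Return (login result, number of KDF runs the attempt triggered)."""
    before = kdf_calls
    result = check_login(user, password)
    return result, kdf_calls - before
```

Counting key-derivation runs instead of timing them keeps the check deterministic: any path that returned early for an unknown name or a denied root login would show a cost of 0.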