Openbsd: >> Openssh >> 3.2.3 Security Vulnerabilities
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
CVSS Score
5.0
EPSS Score
0.206
Published
2003-05-12
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
CVSS Score
9.8
EPSS Score
0.337
Published
2002-07-03
Page 6