CVE-2003-1562

Current Description

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.

Basic Data

PublishedDecember 31, 2003
Last ModifiedSeptember 05, 2008
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-362
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:H/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityHIGH
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.6
SeverityHIGH
Exploitability Score4.9
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationOpenbsdOpenssh1.2*******
    2.3ApplicationOpenbsdOpenssh1.2.1*******
    2.3ApplicationOpenbsdOpenssh1.2.2*******
    2.3ApplicationOpenbsdOpenssh1.2.3*******
    2.3ApplicationOpenbsdOpenssh1.2.27*******
    2.3ApplicationOpenbsdOpenssh1.3*******
    2.3ApplicationOpenbsdOpenssh1.5*******
    2.3ApplicationOpenbsdOpenssh1.5.7*******
    2.3ApplicationOpenbsdOpenssh1.5.8*******
    2.3ApplicationOpenbsdOpenssh2*******
    2.3ApplicationOpenbsdOpenssh2.1*******
    2.3ApplicationOpenbsdOpenssh2.1.1*******
    2.3ApplicationOpenbsdOpenssh2.2*******
    2.3ApplicationOpenbsdOpenssh2.3*******
    2.3ApplicationOpenbsdOpenssh2.3.1*******
    2.3ApplicationOpenbsdOpenssh2.5*******
    2.3ApplicationOpenbsdOpenssh2.5.1*******
    2.3ApplicationOpenbsdOpenssh2.5.2*******
    2.3ApplicationOpenbsdOpenssh2.9*******
    2.3ApplicationOpenbsdOpenssh2.9.9*******
    2.3ApplicationOpenbsdOpenssh2.9.9p2*******
    2.3ApplicationOpenbsdOpenssh2.9p1*******
    2.3ApplicationOpenbsdOpenssh2.9p2*******
    2.3ApplicationOpenbsdOpenssh3.0*******
    2.3ApplicationOpenbsdOpenssh3.0.1*******
    2.3ApplicationOpenbsdOpenssh3.0.1p1*******
    2.3ApplicationOpenbsdOpenssh3.0.2*******
    2.3ApplicationOpenbsdOpenssh3.0.2p1*******
    2.3ApplicationOpenbsdOpenssh3.0p1*******
    2.3ApplicationOpenbsdOpenssh3.1*******
    2.3ApplicationOpenbsdOpenssh3.1p1*******
    2.3ApplicationOpenbsdOpenssh3.2*******
    2.3ApplicationOpenbsdOpenssh3.2.2*******
    2.3ApplicationOpenbsdOpenssh3.2.2p1*******
    2.3ApplicationOpenbsdOpenssh3.2.3p1*******
    2.3ApplicationOpenbsdOpenssh3.3*******
    2.3ApplicationOpenbsdOpenssh3.3p1*******
    2.3ApplicationOpenbsdOpenssh3.4*******
    2.3ApplicationOpenbsdOpenssh3.4p1*******
    2.3ApplicationOpenbsdOpenssh3.5*******
    2.3ApplicationOpenbsdOpenssh3.5p1*******
    2.3ApplicationOpenbsdOpenssh3.6*******
    2.3ApplicationOpenbsdOpenssh3.6.1*******
    2.3ApplicationOpenbsdOpenssh3.6.1p1*******
    2.3ApplicationOpenbsdOpenssh3.6.1p2*******

Vulnerable Software List

VendorProductVersions
Openbsd Openssh 1.2, 1.2.1, 1.2.2, 1.2.27, 1.2.3, 1.3, 1.5, 1.5.7, 1.5.8, 2, 2.1, 2.1.1, 2.2, 2.3, 2.3.1, 2.5, 2.5.1, 2.5.2, 2.9, 2.9.9, 2.9.9p2, 2.9p1, 2.9p2, 3.0, 3.0.1, 3.0.1p1, 3.0.2, 3.0.2p1, 3.0p1, 3.1, 3.1p1, 3.2, 3.2.2, 3.2.2p1, 3.2.3p1, 3.3, 3.3p1, 3.4, 3.4p1, 3.5, 3.5p1, 3.6, 3.6.1, 3.6.1p1, 3.6.1p2

References

NameSourceURLTags
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747CONFIRM
20030501 Re: OpenSSH/PAM timing attack allows remote users identificationhttp://www.securityfocus.com/archive/1/320153BUGTRAQ
20030501 Re: OpenSSH/PAM timing attack allows remote users identificationhttp://www.securityfocus.com/archive/1/320302BUGTRAQ
20030505 Re: OpenSSH/PAM timing attack allows remote users identificationhttp://www.securityfocus.com/archive/1/320440BUGTRAQ
7482http://www.securityfocus.com/bid/7482BID