LOW · 2.6

CVE-2006-5229

Vulnerability Description

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.

CVSS Score

2.6 LOW

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Affected Products

Vendor | Product | Versions
Openbsd | Openssh | 4.1
Novell | Suse Linux | All versions

Related Weaknesses (CWE)

References

FAQ

What is CVE-2006-5229?

CVE-2006-5229 is a vulnerability with a CVSS score of 2.6 (LOW). OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies ...

How severe is CVE-2006-5229?

CVE-2006-5229 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2006-5229?

Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh, Novell Suse Linux.