Vulnerability Description
It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dropbear Ssh Project | Dropbear Ssh | < 2013.59 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2659Issue TrackingPatchThird Party Advisory
- https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a#l1.86PatchThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2659Issue TrackingPatchThird Party Advisory
- https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a#l1.86PatchThird Party Advisory
FAQ
What is CVE-2017-2659?
CVE-2017-2659 is a vulnerability with a CVSS score of 5.3 (MEDIUM). It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly cou...
How severe is CVE-2017-2659?
CVE-2017-2659 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2659?
Check the references section above for vendor advisories and patch information. Affected products include: Dropbear Ssh Project Dropbear Ssh.