DescriptionOpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
Note from the SUSE Security TeamThis issue does not affect openssh in SUSE Linux Enterprise 9 and SUSE Linux Enterprise 10, as no S/KEY support is built into our packages. SUSE Bugzilla entries: 620222 [RESOLVED / WONTFIX], 628772 [RESOLVED / INVALID] No SUSE Security Announcements cross referenced.
SUSE Timeline for this CVECVE page created: Fri Jun 28 03:15:12 2013
CVE page last modified: Fri Oct 7 12:45:36 2022