Vulnerability Details : CVE-2004-2760
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.
Threat overview for CVE-2004-2760
Top countries where our scanners detected CVE-2004-2760
Top open port discovered on systems with this issue
22
IPs affected by CVE-2004-2760 9,307
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2004-2760!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2004-2760
Probability of exploitation activity in the next 30 days: 0.76%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-2760
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2004-2760
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2004-2760
-
Red Hat 2008-08-11The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.
- cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*