Vulnerability Details : CVE-2003-0190
Public exploit exists!
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
Threat overview for CVE-2003-0190
Top open port discovered on systems with this issue: 22
IPs affected by CVE-2003-0190: 1,111
Threat actors abusing this issue? Yes
Powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2003-0190
Probability of exploitation activity in the next 30 days: 6.45%
Percentile, the proportion of vulnerabilities that are scored at or less: ~93%
Metasploit modules for CVE-2003-0190
- SSH Username Enumeration
  First seen: 2020-04-26
  auxiliary/scanner/ssh/ssh_enumusers
  This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The default action sends a malformed (corrupted) SSH_MSG_USERAUTH_REQUEST packet using public key authentication (must be enabled) to enumerate users. On
CVSS scores for CVE-2003-0190
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST |
CWE ids for CVE-2003-0190
- The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2003-0190
- http://www.turbolinux.com/security/TLSA-2003-31.txt
  404 Not Found (Broken Link)
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html
  [Full-Disclosure] Mailing List Charter (Broken Link)
- http://marc.info/?l=bugtraq&m=106018677302607&w=2
  '[OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh)' - MARC (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2003-222.html
  Support (Broken Link)
- http://lab.mediaservice.net/advisory/2003-01-openssh.txt
  (Broken Link)
- http://www.securityfocus.com/bid/7467
  (Broken Link; Exploit; Patch; Third Party Advisory; VDB Entry; Vendor Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445
  404 Not Found (Broken Link)
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
  (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2003-224.html
  Support (Broken Link)
- http://marc.info/?l=bugtraq&m=105172058404810&w=2
  'OpenSSH/PAM timing attack allows remote users identification' - MARC (Third Party Advisory)
Products affected by CVE-2003-0190
- cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
- cpe:2.3:a:openbsd:openssh:3.6.1:p1:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:scalance_x204rna_ecc_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*