| CVE-2003-1562 | Date: (C)2003-12-31 (M)2023-12-22 |
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.
CVSS Score and Metrics +CVSS Score and Metrics -| CVSS V2 Severity: |
| CVSS Score : 7.6 |
| Exploit Score: 4.9 |
| Impact Score: 10.0 |
| |
| CVSS V2 Metrics: |
| Access Vector: NETWORK |
| Access Complexity: HIGH |
| Authentication: NONE |
| Confidentiality: COMPLETE |
| Integrity: COMPLETE |
| Availability: COMPLETE |
| | |
