[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78764

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2005-2666

Date: (C)2005-08-23   (M)2017-10-12 


SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.

CVSS Score: 1.2Access Vector: LOCAL
Exploit Score: 1.9Access Complexity: HIGH
Impact Score: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE





Reference:
SECUNIA-19243
SECUNIA-25098
RHSA-2007:0257
SCOSA-2006.11
http://nms.csail.mit.edu/projects/ssh/
http://www.eweek.com/article2/0
00.asp

CPE    30
cpe:/a:openbsd:openssh:3.7.1p2
cpe:/a:openbsd:openssh:3.9.1p1
cpe:/a:openbsd:openssh:3.1
cpe:/a:openbsd:openssh:3.0
...
CWE    1
CWE-255

© 2013 SecPod Technologies