[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2005-2666Date: (C)2005-08-23   (M)2023-12-22


SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 1.2
Exploit Score: 1.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-19243
SECUNIA-25098
RHSA-2007:0257
SCOSA-2006.11
http://nms.csail.mit.edu/projects/ssh/
http://www.eweek.com/article2/0%2C1759%2C1815795%2C00.asp
oval:org.mitre.oval:def:10201

CPE    30
cpe:/a:openbsd:openssh:3.7.1p2
cpe:/a:openbsd:openssh:3.9.1p1
cpe:/a:openbsd:openssh:3.1
cpe:/a:openbsd:openssh:3.0
...
CWE    1
CWE-255

© SecPod Technologies