Unspecified vulnerability in OpenSSH by providing large passwordID: oval:org.secpod.oval:def:39004 | Date: (C)2017-02-14 (M)2022-12-21 |
Class: VULNERABILITY | Family: windows |
The host is installed with OpenSSH before 7.3 and is prone to an unspecified vulnerability. A flaw is present in sshd, which does not properly handle SHA256 or SHA512 are used for user password hashing. Successful exploitation could allow remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
Platform: |
Microsoft Windows 11 |
Microsoft Windows Server 2022 |
Microsoft Windows Server 2019 |
Microsoft Windows 7 |
Microsoft Windows 10 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows XP |
Microsoft Windows 8 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2016 |