Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0190


Vulnerability Score 5.0 5.0
CVE Id CVE-2003-0190
Last Modified 07 Mar 2011 09:12:15
Published 12 May 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

Vulnerable Systems


  • Openbsd Openssh 3.4p1

  • Openbsd Openssh 3.6.1p1


BID - 7467

BUGTRAQ - 20030430 OpenSSH/PAM timing attack allows remote users identification

TURBO - TLSA-2003-31

REDHAT - RHSA-2003:224

REDHAT - RHSA-2003:222

BUGTRAQ - 20030806 [OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh)


Last Updated: 27 May 2016 10:37:48