CVE-1999-1231

Published: Jun 9, 1999Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server.

Affected (13)

Products: Ssh: Ssh2

Ssh

1 product

Ssh2

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Ssh Ssh2	Version 2.0.10
Ssh Ssh2	Version 2.0.11
Ssh Ssh2	Version 2.0.12
Ssh Ssh2	Version 2.0.1
Ssh Ssh2	Version 2.0.2
Ssh Ssh2	Version 2.0.3
Ssh Ssh2	Version 2.0.4
Ssh Ssh2	Version 2.0.5
Ssh Ssh2	Version 2.0.6
Ssh Ssh2	Version 2.0.7
Ssh Ssh2	Version 2.0.8
Ssh Ssh2	Version 2.0.9
Ssh Ssh2	Version 2.0

References (4)

http://www.securityfocus.com/archive/1/14758

Source: cve@mitre.org

ExploitPatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/2276

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/14758

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/2276

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.