{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89700?format=json","vulnerability_id":"VCID-1pq3-ktfr-vqa4","summary":"security flaw","aliases":[{"alias":"CVE-2003-0190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/933886?format=json","purl":"pkg:deb/debian/openssh@1:3.8.1p1-8.sarge.4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:3.8.1p1-8.sarge.4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/571185?format=json","purl":"pkg:deb/debian/openssh@1:3.8.1p1-8.sarge.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sf-sq1n-8ybk"},{"vulnerability":"VCID-27t6-mvt2-6kcd"},{"vulnerability":"VCID-3mzh-y1ek-cqh9"},{"vulnerability":"VCID-45wb-44rx-1bhw"},{"vulnerability":"VCID-48u8-uvvd-m7ef"},{"vulnerability":"VCID-4fj8-vfgx-pyh9"},{"vulnerability":"VCID-6n7q-b264-b3c9"},{"vulnerability":"VCID-81na-a8p9-3fc3"},{"vulnerability":"VCID-84r3-6n5q-1kft"},{"vulnerability":"VCID-87uy-3q5r-r3b7"},{"vulnerability":"VCID-9x46-xm8n-m3bs"},{"vulnerability":"VCID-9zr9-947g-g7dn"},{"vulnerability":"VCID-a7kr-mfau-bufd"},{"vulnerability":"VCID-aaue-a343-u7f5"},{"vulnerability":"VCID-ajmg-5kgx-k7h5"},{"vulnerability":"VCID-akd1-gm5s-cfcs"},{"vulnerability":"VCID-bdnh-bkx5-h3fe"},{"vulnerability":"VCID-c72q-f2cy-eqgc"},{"vulnerability":"VCID-dw3s-w6py-muh9"},{"vulnerability":"VCID-e3hw-afkw-f7bt"},{"vulnerability":"VCID-fczw-59xy-83c6"},{"vulnerability":"VCID-g1vx-bcxw-mqfg"},{"vulnerability":"VCID-g5qe-8p8p-3kd6"},{"vulnerability":"VCID-g8g3-ts9j-8uab"},{"vulnerability":"VCID-ge2m-my5w-z3eb"},{"vulnerability":"VCID-gns3-z8js-4fef"},{"vulnerability":"VCID-gzmm-8kvw-6qbv"},{"vulnerability":"VCID-ha8v-pqwf-r3a1"},{"vulnerability":"VCID-hmqc-xunp-myap"},{"vulnerability":"VCID-hse5-y15y-n3dw"},{"vulnerability":"VCID-jzk9-kyvp-5qdz"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-k8ae-fc4a-gycy"},{"vulnerability":"VCID-kbba-6c9u-tygk"},{"vulnerability":"VCID-mpex-kz3k-97aq"},{"vulnerability":"VCID-myec-kc76-9bc1"},{"vulnerability":"VCID-p5ps-aad3-que9"},{"vulnerability":"VCID-qt1x-kyuf-gker"},{"vulnerability":"VCID-qx5k-n11s-rucg"},{"vulnerability":"VCID-rwzw-vrhk-sqfw"},{"vulnerability":"VCID-sv83-ggsr-27au"},{"vulnerability":"VCID-t1sg-4bvj-qqfk"},{"vulnerability":"VCID-tqd9-nyt5-13e7"},{"vulnerability":"VCID-tur1-ruxr-yqe3"},{"vulnerability":"VCID-u21t-acnr-dub2"},{"vulnerability":"VCID-u4sn-d8j6-bkdx"},{"vulnerability":"VCID-ubjj-qb2c-n3d4"},{"vulnerability":"VCID-v1vq-wecd-1ud9"},{"vulnerability":"VCID-v27n-4vt2-rffw"},{"vulnerability":"VCID-vj3u-a1c3-6qe5"},{"vulnerability":"VCID-vrgz-eguk-k3dy"},{"vulnerability":"VCID-wkpy-uwex-93db"},{"vulnerability":"VCID-yrvb-stza-yfdp"},{"vulnerability":"VCID-yrzy-er8x-c3ad"},{"vulnerability":"VCID-ytkr-ev34-buhd"},{"vulnerability":"VCID-z21r-z4zr-p3ex"},{"vulnerability":"VCID-zncv-645p-f3gn"},{"vulnerability":"VCID-zxw6-2um9-23e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:3.8.1p1-8.sarge.6"},{"url":"http://public2.vulnerablecode.io/api/packages/933878?format=json","purl":"pkg:deb/debian/openssh@1:8.4p1-5%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-792n-jkzj-qqhd"},{"vulnerability":"VCID-8efr-budq-6bb6"},{"vulnerability":"VCID-a4eq-r71a-buhm"},{"vulnerability":"VCID-a7m6-uqbt-nqd9"},{"vulnerability":"VCID-ajmg-5kgx-k7h5"},{"vulnerability":"VCID-b4uc-yh56-muej"},{"vulnerability":"VCID-bnrq-2fsr-mfgd"},{"vulnerability":"VCID-kgn5-p8kx-qucj"},{"vulnerability":"VCID-wga4-sqwk-4bfj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:8.4p1-5%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933876?format=json","purl":"pkg:deb/debian/openssh@1:9.2p1-2%2Bdeb12u7?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-792n-jkzj-qqhd"},{"vulnerability":"VCID-8efr-budq-6bb6"},{"vulnerability":"VCID-a4eq-r71a-buhm"},{"vulnerability":"VCID-a7m6-uqbt-nqd9"},{"vulnerability":"VCID-ajmg-5kgx-k7h5"},{"vulnerability":"VCID-bnrq-2fsr-mfgd"},{"vulnerability":"VCID-kgn5-p8kx-qucj"},{"vulnerability":"VCID-wga4-sqwk-4bfj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:9.2p1-2%252Bdeb12u7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933880?format=json","purl":"pkg:deb/debian/openssh@1:10.0p1-7%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-792n-jkzj-qqhd"},{"vulnerability":"VCID-8efr-budq-6bb6"},{"vulnerability":"VCID-a4eq-r71a-buhm"},{"vulnerability":"VCID-ajmg-5kgx-k7h5"},{"vulnerability":"VCID-bnrq-2fsr-mfgd"},{"vulnerability":"VCID-kgn5-p8kx-qucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.0p1-7%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/933879?format=json","purl":"pkg:deb/debian/openssh@1:10.2p1-6?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-792n-jkzj-qqhd"},{"vulnerability":"VCID-8efr-budq-6bb6"},{"vulnerability":"VCID-a4eq-r71a-buhm"},{"vulnerability":"VCID-bnrq-2fsr-mfgd"},{"vulnerability":"VCID-kgn5-p8kx-qucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.2p1-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062514?format=json","purl":"pkg:deb/debian/openssh@1:10.3p1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.3p1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1103028?format=json","purl":"pkg:deb/debian/openssh@1:10.3p1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:10.3p1-2%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571184?format=json","purl":"pkg:deb/debian/openssh@1:3.4p1-1.woody.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11sf-sq1n-8ybk"},{"vulnerability":"VCID-1pq3-ktfr-vqa4"},{"vulnerability":"VCID-27t6-mvt2-6kcd"},{"vulnerability":"VCID-3mzh-y1ek-cqh9"},{"vulnerability":"VCID-45wb-44rx-1bhw"},{"vulnerability":"VCID-48u8-uvvd-m7ef"},{"vulnerability":"VCID-4fj8-vfgx-pyh9"},{"vulnerability":"VCID-61qv-3p82-fuh9"},{"vulnerability":"VCID-679v-qrkw-qbar"},{"vulnerability":"VCID-6n7q-b264-b3c9"},{"vulnerability":"VCID-6tgm-yq5b-gyev"},{"vulnerability":"VCID-81na-a8p9-3fc3"},{"vulnerability":"VCID-84r3-6n5q-1kft"},{"vulnerability":"VCID-87uy-3q5r-r3b7"},{"vulnerability":"VCID-9x46-xm8n-m3bs"},{"vulnerability":"VCID-9zr9-947g-g7dn"},{"vulnerability":"VCID-a7kr-mfau-bufd"},{"vulnerability":"VCID-aaue-a343-u7f5"},{"vulnerability":"VCID-ajmg-5kgx-k7h5"},{"vulnerability":"VCID-akd1-gm5s-cfcs"},{"vulnerability":"VCID-bdnh-bkx5-h3fe"},{"vulnerability":"VCID-bemm-xfxx-bqhb"},{"vulnerability":"VCID-c72q-f2cy-eqgc"},{"vulnerability":"VCID-dw3s-w6py-muh9"},{"vulnerability":"VCID-e3hw-afkw-f7bt"},{"vulnerability":"VCID-fczw-59xy-83c6"},{"vulnerability":"VCID-g1vx-bcxw-mqfg"},{"vulnerability":"VCID-g5qe-8p8p-3kd6"},{"vulnerability":"VCID-g8g3-ts9j-8uab"},{"vulnerability":"VCID-ge2m-my5w-z3eb"},{"vulnerability":"VCID-gns3-z8js-4fef"},{"vulnerability":"VCID-gzmm-8kvw-6qbv"},{"vulnerability":"VCID-ha8v-pqwf-r3a1"},{"vulnerability":"VCID-hmqc-xunp-myap"},{"vulnerability":"VCID-hse5-y15y-n3dw"},{"vulnerability":"VCID-hu66-jpbe-dfhn"},{"vulnerability":"VCID-jzk9-kyvp-5qdz"},{"vulnerability":"VCID-jzn6-bzzf-nugp"},{"vulnerability":"VCID-k8ae-fc4a-gycy"},{"vulnerability":"VCID-kbba-6c9u-tygk"},{"vulnerability":"VCID-kgja-5xxj-1ucg"},{"vulnerability":"VCID-m6qv-m21j-g3cj"},{"vulnerability":"VCID-mpex-kz3k-97aq"},{"vulnerability":"VCID-myec-kc76-9bc1"},{"vulnerability":"VCID-nrj6-k3qf-2ubp"},{"vulnerability":"VCID-p5ps-aad3-que9"},{"vulnerability":"VCID-qt1x-kyuf-gker"},{"vulnerability":"VCID-qx5k-n11s-rucg"},{"vulnerability":"VCID-rwzw-vrhk-sqfw"},{"vulnerability":"VCID-sv83-ggsr-27au"},{"vulnerability":"VCID-t1sg-4bvj-qqfk"},{"vulnerability":"VCID-tqd9-nyt5-13e7"},{"vulnerability":"VCID-tur1-ruxr-yqe3"},{"vulnerability":"VCID-u21t-acnr-dub2"},{"vulnerability":"VCID-u4sn-d8j6-bkdx"},{"vulnerability":"VCID-u8z5-76zk-hqah"},{"vulnerability":"VCID-ubjj-qb2c-n3d4"},{"vulnerability":"VCID-v1vq-wecd-1ud9"},{"vulnerability":"VCID-v27n-4vt2-rffw"},{"vulnerability":"VCID-vj3u-a1c3-6qe5"},{"vulnerability":"VCID-vrgz-eguk-k3dy"},{"vulnerability":"VCID-wkpy-uwex-93db"},{"vulnerability":"VCID-wx7h-g53d-67eh"},{"vulnerability":"VCID-yrvb-stza-yfdp"},{"vulnerability":"VCID-yrzy-er8x-c3ad"},{"vulnerability":"VCID-ytkr-ev34-buhd"},{"vulnerability":"VCID-z21r-z4zr-p3ex"},{"vulnerability":"VCID-zncv-645p-f3gn"},{"vulnerability":"VCID-zxw6-2um9-23e7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssh@1:3.4p1-1.woody.3"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0190.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0190.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0190","reference_id":"","reference_type":"","scores":[{"value":"0.20579","scoring_system":"epss","scoring_elements":"0.95642","published_at":"2026-05-15T12:55:00Z"},{"value":"0.20579","scoring_system":"epss","scoring_elements":"0.95589","published_at":"2026-04-21T12:55:00Z"},{"value":"0.20579","scoring_system":"epss","scoring_elements":"0.95591","published_at":"2026-04-24T12:55:00Z"},{"value":"0.20579","scoring_system":"epss","scoring_elements":"0.95592","published_at":"2026-04-29T12:55:00Z"},{"value":"0.20579","scoring_system":"epss","scoring_elements":"0.95607","published_at":"2026-05-05T12:55:00Z"},{"value":"0.20579","scoring_system":"epss","scoring_elements":"0.95611","published_at":"2026-05-07T12:55:00Z"},{"value":"0.20579","scoring_system":"epss","scoring_elements":"0.95617","published_at":"2026-05-09T12:55:00Z"},{"value":"0.20579","scoring_system":"epss","scoring_elements":"0.95623","published_at":"2026-05-11T12:55:00Z"},{"value":"0.20579","scoring_system":"epss","scoring_elements":"0.95628","published_at":"2026-05-12T12:55:00Z"},{"value":"0.20579","scoring_system":"epss","scoring_elements":"0.95641","published_at":"2026-05-14T12:55:00Z"},{"value":"0.22646","scoring_system":"epss","scoring_elements":"0.95821","published_at":"2026-04-01T12:55:00Z"},{"value":"0.22646","scoring_system":"epss","scoring_elements":"0.95829","published_at":"2026-04-02T12:55:00Z"},{"value":"0.22646","scoring_system":"epss","scoring_elements":"0.95838","published_at":"2026-04-04T12:55:00Z"},{"value":"0.22646","scoring_system":"epss","scoring_elements":"0.9584","published_at":"2026-04-07T12:55:00Z"},{"value":"0.22646","scoring_system":"epss","scoring_elements":"0.95848","published_at":"2026-04-08T12:55:00Z"},{"value":"0.22646","scoring_system":"epss","scoring_elements":"0.95852","published_at":"2026-04-09T12:55:00Z"},{"value":"0.22646","scoring_system":"epss","scoring_elements":"0.95855","published_at":"2026-04-12T12:55:00Z"},{"value":"0.22646","scoring_system":"epss","scoring_elements":"0.95856","published_at":"2026-04-13T12:55:00Z"},{"value":"0.22646","scoring_system":"epss","scoring_elements":"0.95868","published_at":"2026-04-16T12:55:00Z"},{"value":"0.22646","scoring_system":"epss","scoring_elements":"0.95873","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0190"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616997","reference_id":"1616997","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1616997"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196413","reference_id":"196413","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196413"},{"reference_url":"http://lab.mediaservice.net/advisory/2003-01-openssh.txt","reference_id":"OSVDB-2140;CVE-2003-0190","reference_type":"exploit","scores":[],"url":"http://lab.mediaservice.net/advisory/2003-01-openssh.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/25.c","reference_id":"OSVDB-2140;CVE-2003-0190","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/25.c"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/26.sh","reference_id":"OSVDB-2140;CVE-2003-0190","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/26.sh"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/3303.sh","reference_id":"OSVDB-32721;CVE-2006-5229;OSVDB-2140;CVE-2003-0190","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/3303.sh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:222","reference_id":"RHSA-2003:222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:224","reference_id":"RHSA-2003:224","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:224"},{"reference_url":"https://usn.ubuntu.com/34-1/","reference_id":"USN-34-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/34-1/"}],"weaknesses":[],"exploits":[{"date_added":null,"description":"This module uses a malformed packet or timing attack to enumerate users on\n          an OpenSSH server.\n\n          The default action sends a malformed (corrupted) SSH_MSG_USERAUTH_REQUEST\n          packet using public key authentication (must be enabled) to enumerate users.\n\n          On some versions of OpenSSH under some configurations, OpenSSH will return a\n          \"permission denied\" error for an invalid user faster than for a valid user,\n          creating an opportunity for a timing attack to enumerate users.\n\n          Testing note: invalid users were logged, while valid users were not. YMMV.","required_action":null,"due_date":null,"notes":"Stability:\n  - crash-service-down\nReliability: []\nSideEffects:\n  - ioc-in-logs\n  - account-lockouts\n","known_ransomware_campaign_use":false,"source_date_published":null,"exploit_type":null,"platform":"","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/ssh/ssh_enumusers.rb"},{"date_added":"2007-02-12","description":"Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2007-02-13","exploit_type":"remote","platform":"multiple","source_date_updated":"2016-09-27","data_source":"Exploit-DB","source_url":""}],"severity_range_score":null,"exploitability":"2.0","weighted_severity":"0.2","risk_score":0.4,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1pq3-ktfr-vqa4"}