Search for vulnerabilities
Vulnerability details: VCID-xp51-n9zh-aaab
Vulnerability ID VCID-xp51-n9zh-aaab
Aliases CVE-2003-0190
Summary OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
Status Published
Exploitability 2.0
Weighted Severity 4.5
Risk 9.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-203 Observable Discrepancy
System Score Found at
epss 0.04914 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.04914 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.04914 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.04914 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.04914 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.04914 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.04914 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.04914 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.04914 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.04914 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.04914 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.04914 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.06860 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.06860 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.06860 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.06860 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.12913 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.13214 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.13214 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.13214 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
epss 0.16946 https://api.first.org/data/v1/epss?cve=CVE-2003-0190
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1616997
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2003-0190
Reference id Reference type URL
http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html
http://marc.info/?l=bugtraq&m=105172058404810&w=2
http://marc.info/?l=bugtraq&m=106018677302607&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0190.json
https://api.first.org/data/v1/epss?cve=CVE-2003-0190
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445
http://www.redhat.com/support/errata/RHSA-2003-222.html
http://www.redhat.com/support/errata/RHSA-2003-224.html
http://www.securityfocus.com/bid/7467
http://www.turbolinux.com/security/TLSA-2003-31.txt
1616997 https://bugzilla.redhat.com/show_bug.cgi?id=1616997
196413 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196413
cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:p1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.6.1:p1:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*
CVE-2003-0190 https://nvd.nist.gov/vuln/detail/CVE-2003-0190
OSVDB-2140;CVE-2003-0190 Exploit http://lab.mediaservice.net/advisory/2003-01-openssh.txt
OSVDB-2140;CVE-2003-0190 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/25.c
OSVDB-2140;CVE-2003-0190 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/26.sh
RHSA-2003:222 https://access.redhat.com/errata/RHSA-2003:222
RHSA-2003:224 https://access.redhat.com/errata/RHSA-2003:224
USN-34-1 https://usn.ubuntu.com/34-1/
Data source Metasploit
Description This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The default action sends a malformed (corrupted) SSH_MSG_USERAUTH_REQUEST packet using public key authentication (must be enabled) to enumerate users. On some versions of OpenSSH under some configurations, OpenSSH will return a "permission denied" error for an invalid user faster than for a valid user, creating an opportunity for a timing attack to enumerate users. Testing note: invalid users were logged, while valid users were not. YMMV.
Note 
Stability:
  - crash-service-down
Reliability: []
SideEffects:
  - ioc-in-logs
  - account-lockouts
Ransomware campaign use Unknown
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/ssh/ssh_enumusers.rb
Data source Exploit-DB
Date added Feb. 12, 2007
Description Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack
Ransomware campaign use Known
Source publication date Feb. 13, 2007
Exploit type remote
Platform multiple
Source update date Sept. 27, 2016
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2003-0190
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.92998
EPSS Score 0.04914
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.