pam_ssh: information (user account existence) leak
| Package(s): | pam_ssh | CVE #(s): | CVE-2009-1273 | ||||||||
| Created: | May 4, 2009 | Updated: | May 6, 2009 | ||||||||
| Description: | From the Red Hat bugzilla: A security flaw was found in PAM module, providing user authentication based on SSH keys. A remote attacker could use this flaw to recognize, if some username/login belongs to set of user accounts, existing on the system, and subsequently perform dictionary based password guess attack. | ||||||||||
| Alerts: |
| ||||||||||