Openbsd: >> Openssh >> 3.6.1 Security Vulnerabilities
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.
CVSS Score
7.5
EPSS Score
0.058
Published
2003-07-02
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
CVSS Score
5.0
EPSS Score
0.768
Published
2003-05-12
Page 7