Andrew J.korty: >> Pam Ssh >> 1.92 Security Vulnerabilities
pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.
CVSS Score
5.0
EPSS Score
0.004
Published
2009-04-08