CVE-2007-2243

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
Configurations

Configuration 1

cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*

Information

Published : 2007-04-25 04:19

Updated : 2017-07-29 01:31


NVD link : CVE-2007-2243

Mitre link : CVE-2007-2243

Products Affected
No products.
CWE