vulnerability announce CVE-2009-1273

pam_ssh: user detection

Synthesis of the vulnerability

An attacker can detect if a username is valid by looking at the pam_ssh prompt.

Severity: 1/4. Creation date: 01/04/2009.

Description of the vulnerability

The pam_ssh PAM module handles the authentication using the SSH protocol. When an attacker enters a valid username, pam_ssh displays "SSH passphrase". When an attacker enters an invalid username, pam_ssh displays "Password". An attacker can therefore use a brute force attack to detect valid usernames.

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: pam_ssh: user detection. Keywords: PAM Password SSH detection pam_ssh user. Identifiers: 263579, 492153, CVE-2009-1273, FEDORA-2009-3500, FEDORA-2009-3627, VIGILANCE-VUL-8587.

Information sources

Publications and announces Source example: Bug 263579 - ssh service exploitable if pam compiled with USE=ssh (usernames can be verified)

Solutions for this vulnerability

Patch or workaround

Supplements

Attack Exploit 0day or proof of concept

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Security vulnerability alerts