Vulnerability Database

296,147

Total vulnerabilities in the database

CVE-1999-1231

ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once, which allows remote attackers to determine user account names on the server.

  • Published: Jun 9, 1999
  • Updated: Apr 13, 2023
  • CVE: CVE-1999-1231
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Software From Fixed in
ssh / ssh2 2.0.3 2.0.3.x
ssh / ssh2 2.0.8 2.0.8.x
ssh / ssh2 2.0.11 2.0.11.x
ssh / ssh2 2.0.9 2.0.9.x
ssh / ssh2 2.0 2.0.x
ssh / ssh2 2.0.5 2.0.5.x
ssh / ssh2 2.0.6 2.0.6.x
ssh / ssh2 2.0.4 2.0.4.x
ssh / ssh2 2.0.1 2.0.1.x
ssh / ssh2 2.0.10 2.0.10.x
ssh / ssh2 2.0.12 2.0.12.x
ssh / ssh2 2.0.7 2.0.7.x
ssh / ssh2 2.0.2 2.0.2.x