Total vulnerabilities in the database
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
| Software | From | Fixed in |
|---|---|---|
| openbsd / openssh | 3.8 | 3.8.x |
| openbsd / openssh | 3.8.1p1 | 3.8.1p1.x |
| openbsd / openssh | 3.1 | 3.1.x |
| openbsd / openssh | 3.0.2p1 | 3.0.2p1.x |
| openbsd / openssh | 3.8.1 | 3.8.1.x |
| openbsd / openssh | 3.7.1p2 | 3.7.1p2.x |
| openbsd / openssh | 3.2.3p1 | 3.2.3p1.x |
| openbsd / openssh | 3.1p1 | 3.1p1.x |
| openbsd / openssh | 3.6.1p2 | 3.6.1p2.x |
| openbsd / openssh | 3.9 | 3.9.x |
| openbsd / openssh | 3.0 | 3.0.x |
| openbsd / openssh | 3.2 | 3.2.x |
| openbsd / openssh | 3.6 | 3.6.x |
| openbsd / openssh | 3.7 | 3.7.x |
| openbsd / openssh | 3.5p1 | 3.5p1.x |
| openbsd / openssh | 3.0.1p1 | 3.0.1p1.x |
| openbsd / openssh | 3.3 | 3.3.x |
| openbsd / openssh | 3.2.2p1 | 3.2.2p1.x |
| openbsd / openssh | 3.9.1p1 | 3.9.1p1.x |
| openbsd / openssh | 3.0.2 | 3.0.2.x |
| openbsd / openssh | 3.4p1 | 3.4p1.x |
| openbsd / openssh | 3.6.1p1 | 3.6.1p1.x |
| openbsd / openssh | 3.0.1 | 3.0.1.x |
| openbsd / openssh | 3.6.1 | 3.6.1.x |
| openbsd / openssh | 3.7.1 | 3.7.1.x |
| openbsd / openssh | 3.4 | 3.4.x |
| openbsd / openssh | 3.5 | 3.5.x |
| openbsd / openssh | 3.0p1 | 3.0p1.x |
| openbsd / openssh | 3.3p1 | 3.3p1.x |
| openbsd / openssh | 3.9.1 | 3.9.1.x |