Vulnerability Database

309,961

Total vulnerabilities in the database

CVE-2017-2659

It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.

Published: Mar 21, 2019
Updated: Nov 9, 2025
CVE: CVE-2017-2659
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-287
CWE-209

OWASP TOP 10:

A2 - Broken Authentication
A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
dropbear_ssh_project / dropbear_ssh	-	2013.59

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2659
https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a#l1.86

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo