CVE-2001-1476
Summary
| CVE | CVE-2001-1476 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2001-01-18 05:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not. |
Risk And Classification
Primary CVSS: v2.0 7.5 from [email protected]
AV:N/AC:L/Au:N/C:P/I:P/A:P
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ssh | Ssh | 1.2.24 | All | All | All |
| Application | Ssh | Ssh | 1.2.25 | All | All | All |
| Application | Ssh | Ssh | 1.2.26 | All | All | All |
| Application | Ssh | Ssh | 1.2.27 | All | All | All |
| Application | Ssh | Ssh | 1.2.28 | All | All | All |
| Application | Ssh | Ssh | 1.2.29 | All | All | All |
| Application | Ssh | Ssh | 1.2.30 | All | All | All |
| Application | Ssh | Ssh | 1.2.31 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| CERT/CC Vulnerability Note VU#565052 | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | Exploit, Patch, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.