CVE-2017-2659
Summary
| CVE | CVE-2017-2659 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-03-21 15:59:00 UTC |
| Updated | 2019-10-09 23:27:00 UTC |
| Description | It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts. |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Dropbear Ssh Project | Dropbear Ssh | All | All | All | All |
| Application | Dropbear Ssh Project | Dropbear Ssh | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| secure.ucc.asn.au/hg/dropbear/rev/d7784616409a | MISC | secure.ucc.asn.au | Patch, Third Party Advisory |
| 1433824 – (CVE-2017-2659) CVE-2017-2659 dropbear: Information leak when given invalid username | CONFIRM | bugzilla.redhat.com | Issue Tracking, Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.