{"api_version":"1","generated_at":"2026-04-23T04:20:57+00:00","cve":"CVE-2003-1562","urls":{"html":"https://cve.report/CVE-2003-1562","api":"https://cve.report/api/cve/CVE-2003-1562.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2003-1562","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2003-1562"},"summary":{"title":"CVE-2003-1562","description":"sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.","state":"PUBLISHED","assigner":"mitre","published_at":"2003-12-31 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["CWE-362","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.6","severity":"","vector":"AV:N/AC:H/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.securityfocus.com/bid/7482","name":"http://www.securityfocus.com/bid/7482","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"OpenSSH Remote Root Authentication Timing Side-Channel Weakness","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securityfocus.com/archive/1/320153","name":"http://www.securityfocus.com/archive/1/320153","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/320440","name":"http://www.securityfocus.com/archive/1/320440","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"404"},{"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747","name":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"#248747 - sshd: no delay on successful root login with permitroot = no - Debian Bug report logs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/320302","name":"http://www.securityfocus.com/archive/1/320302","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2003-1562","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2003-1562","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.2.27","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.5.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.5.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.5.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.5.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.9.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.9.9p2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.9p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.9p2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.0.1p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.0.2p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.0p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.1p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.2.2p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.2.3p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.3p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.4p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.5p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.6.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.6.1p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2003","cve_id":"1562","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.6.1p2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[{"cvename":"CVE-2003-1562","organization":"Red Hat","lastmodified":"2008-08-11","contributor":"Joshua Bressers","statementText":"The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which is in maintenance mode.","cve_year":"2003","cve_id":"1562","crc32":"3036bc9f"}],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2003-1562","qid":"591280","title":"Siemens SCALANCE X-200RNA Switch Devices Denial of Service (DoS) Multiple Vulnerabilities (ICSA-22-349-21, SSA-412672)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T02:35:17.602Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"20030501 Re: OpenSSH/PAM timing attack allows remote users identification","tags":["mailing-list","x_transferred"],"url":"http://www.securityfocus.com/archive/1/320153"},{"name":"20030501 Re: OpenSSH/PAM timing attack allows remote users identification","tags":["mailing-list","x_transferred"],"url":"http://www.securityfocus.com/archive/1/320302"},{"name":"7482","tags":["vdb-entry","x_transferred"],"url":"http://www.securityfocus.com/bid/7482"},{"name":"20030505 Re: OpenSSH/PAM timing attack allows remote users identification","tags":["mailing-list","x_transferred"],"url":"http://www.securityfocus.com/archive/1/320440"},{"tags":["x_transferred"],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747"},{"tags":["x_transferred"],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2003-05-01T00:00:00.000Z","descriptions":[{"lang":"en","value":"sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2022-12-13T00:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"20030501 Re: OpenSSH/PAM timing attack allows remote users identification","tags":["mailing-list"],"url":"http://www.securityfocus.com/archive/1/320153"},{"name":"20030501 Re: OpenSSH/PAM timing attack allows remote users identification","tags":["mailing-list"],"url":"http://www.securityfocus.com/archive/1/320302"},{"name":"7482","tags":["vdb-entry"],"url":"http://www.securityfocus.com/bid/7482"},{"name":"20030505 Re: OpenSSH/PAM timing attack allows remote users identification","tags":["mailing-list"],"url":"http://www.securityfocus.com/archive/1/320440"},{"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"}]}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2003-1562","datePublished":"2008-08-04T10:00:00.000Z","dateReserved":"2008-08-03T00:00:00.000Z","dateUpdated":"2024-09-16T19:56:09.880Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2003-12-31 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["CWE-362","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*","matchCriteriaId":"316C8534-9CE3-456C-A04E-5D2B789FBE31"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*","matchCriteriaId":"7BEB67BB-A442-46C2-8BC1-BBEB009AC532"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*","matchCriteriaId":"B6E307F1-C765-409C-835C-133026A5179C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*","matchCriteriaId":"CA997F5E-29FE-454A-9006-001D732CD4B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*","matchCriteriaId":"114134F3-BDFD-465D-8317-82F9D6EFA5A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*","matchCriteriaId":"DAB55300-F90D-45D3-88BC-5ADCEC366264"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*","matchCriteriaId":"F3EC5611-31B5-4253-B99A-E81C202768A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*","matchCriteriaId":"43060323-1B51-45B4-BEB9-0E472896D8EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*","matchCriteriaId":"5441C616-D127-42D9-88AA-0FC9AA16EB03"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*","matchCriteriaId":"FE60A415-91E3-4819-A252-E86A32EC3018"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*","matchCriteriaId":"EED5E506-9D2B-4CAF-8455-B9BE7696E49C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"EE7CB94E-0479-4939-86F6-0B4BEDE2E739"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*","matchCriteriaId":"78135400-BA1A-42AA-BE17-5588442BCF11"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*","matchCriteriaId":"78F2EDC0-3189-4523-882B-9188C852F793"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*","matchCriteriaId":"CDEF5203-9D6B-4431-BF0D-C81B1E250AEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*","matchCriteriaId":"E2991C07-5486-4590-A74E-46A379DD3339"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*","matchCriteriaId":"4EB9BE06-0A36-4853-ADF4-9C1A1854278A"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*","matchCriteriaId":"8FC57F38-6545-497B-B6DA-FCAF51755988"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*","matchCriteriaId":"EC30FD61-10DA-4C9B-BCE8-AD75DCEB40BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*","matchCriteriaId":"EC1DF4CE-E71C-4C10-9F82-B9ECDC94933F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*","matchCriteriaId":"80C55B73-497D-4A22-9230-A4160BF97344"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*","matchCriteriaId":"0238F009-4BBA-4E6B-9E2A-6045BA9BBE9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*","matchCriteriaId":"4B235167-9554-4431-88C5-9472DD36FCDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*","matchCriteriaId":"580008AC-2667-4708-8F7E-D70416A460EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E05D8E86-EC01-4589-B372-4DEB7845C81F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*","matchCriteriaId":"764AD252-CA2F-4A87-BCAA-7747E8C410E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*","matchCriteriaId":"269BB9F7-55E5-4CB3-8429-C37C7132799F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*","matchCriteriaId":"C6E6F639-31A0-4026-B6D4-51BA79FB1D20"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*","matchCriteriaId":"0211BCE3-0DED-40BA-8A21-1A97B91F71C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*","matchCriteriaId":"B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*","matchCriteriaId":"5AD7BB30-AC79-4153-852C-1053DCF4DE53"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*","matchCriteriaId":"F48519C6-0C28-49A5-94C7-EF3AA88E2667"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*","matchCriteriaId":"9E188C66-C8F1-4C13-AAFF-7C83B2A884B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*","matchCriteriaId":"9039BE91-AF0A-41E7-8F9F-15375890E120"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*","matchCriteriaId":"08BCB2EA-DF9D-4853-805B-29FA6274E2B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*","matchCriteriaId":"0F93417F-2498-4576-9F5D-B59F77D39669"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*","matchCriteriaId":"AF3AB42C-B614-4746-99AD-E94140D91BF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*","matchCriteriaId":"458167E5-9BC2-40BE-AC8A-9761A4F19494"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*","matchCriteriaId":"3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*","matchCriteriaId":"86ACA0ED-A3D0-48A7-B06F-13709AD23B55"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*","matchCriteriaId":"0FEB9262-D05E-4610-9C79-3EDE44AC7C0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*","matchCriteriaId":"8176879B-1875-4AC9-B15A-2ABCFCD04F88"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*","matchCriteriaId":"FAA26A12-F96A-4025-BBCA-72B7A3B1E60C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*","matchCriteriaId":"A02751E9-2D38-4495-9572-8D84D71D4773"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2003","CveId":"1562","Ordinal":"1","Title":"CVE-2003-1562","CVE":"CVE-2003-1562","Year":"2003"},"notes":[{"CveYear":"2003","CveId":"1562","Ordinal":"1","NoteData":"sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.","Type":"Description","Title":"CVE-2003-1562"},{"CveYear":"2003","CveId":"1562","Ordinal":"2","NoteData":"2008-08-04","Type":"Other","Title":"Published"}]}}}