{"api_version":"1","generated_at":"2026-07-03T19:28:40+00:00","cve":"CVE-2010-4478","urls":{"html":"https://cve.report/CVE-2010-4478","api":"https://cve.report/api/cve/CVE-2010-4478.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2010-4478","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2010-4478"},"summary":{"title":"CVE-2010-4478","description":"OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.","state":"PUBLISHED","assigner":"mitre","published_at":"2010-12-06 22:30:31","updated_at":"2026-05-28 20:16:19"},"problem_types":["CWE-287","n/a","CWE-287 CWE-287 Improper Authentication"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h","name":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"410 Gone","mime":"text/html","httpstatus":"410","archivestatus":"404"},{"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673","name":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Juniper Networks - 2015-04 Security Bulletin: IDP: Multiple vulnerabilities addressed by third party software updates.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=659297","name":"https://bugzilla.redhat.com/show_bug.cgi?id=659297","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Bug 659297 – CVE-2010-4252 openssl: session key retrieval flaw in J-PAKE implementation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/seb-m/jpake","name":"https://github.com/seb-m/jpake","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"GitHub - seb-m/jpake: Small-subgroup confinement issue in the OpenSSL and OpenSSH implementations of J-PAKE.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5","name":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"CVS log for src/usr.bin/ssh/jpake.c","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf","name":"http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4;r2=1.5;f=h","name":"CONFIRM:http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4;r2=1.5;f=h","refsource":"MITRE","tags":[],"title":"Error","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf","name":"https://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2010-4478","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-4478","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.2.27","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.5.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"1.5.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.5.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.5.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.9.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.9.9p2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.9p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"2.9p2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.0.1p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.0.2p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.0p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.1p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.2.2p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.2.3p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.3p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.4p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.5p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.6.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.6.1p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.6.1p2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.7.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.7.1p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.7.1p2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.8.1p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.9.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"3.9.1p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"4.0p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"4.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"4.1p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"4.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"4.2p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"4.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"4.3p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"4.3p2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"4.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"4.4p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"4.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"4.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"4.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"4.7p1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"4.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"4.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"5.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"5.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"5.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"5.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"5.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"4478","vulnerable":"1","versionEndIncluding":"5.6","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openbsd","cpe5":"openssh","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2010","cve_id":"4478","cve":"CVE-2010-4478","epss":"0.003830000","percentile":"0.598680000","score_date":"2026-06-02","updated_at":"2026-06-03 00:08:17"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T03:43:14.923Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673"},{"name":"oval:org.mitre.oval:def:12338","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/seb-m/jpake"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=659297"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2010-4478","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-05-28T18:51:26.074550Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-287","description":"CWE-287 Improper Authentication","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-28T18:51:30.518Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2010-09-12T00:00:00.000Z","descriptions":[{"lang":"en","value":"OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-09-18T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5"},{"tags":["x_refsource_CONFIRM"],"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673"},{"name":"oval:org.mitre.oval:def:12338","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h"},{"tags":["x_refsource_MISC"],"url":"https://github.com/seb-m/jpake"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=659297"},{"tags":["x_refsource_MISC"],"url":"http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2010-4478","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5","refsource":"CONFIRM","url":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5"},{"name":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673","refsource":"CONFIRM","url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673"},{"name":"oval:org.mitre.oval:def:12338","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338"},{"name":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4;r2=1.5;f=h","refsource":"CONFIRM","url":"http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4;r2=1.5;f=h"},{"name":"https://github.com/seb-m/jpake","refsource":"MISC","url":"https://github.com/seb-m/jpake"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=659297","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=659297"},{"name":"http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf","refsource":"MISC","url":"http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2010-4478","datePublished":"2010-12-06T22:00:00.000Z","dateReserved":"2010-12-06T00:00:00.000Z","dateUpdated":"2026-05-28T18:51:30.518Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2010-12-06 22:30:31","lastModifiedDate":"2026-05-28 20:16:19","problem_types":["CWE-287","n/a","CWE-287 CWE-287 Improper Authentication"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*","versionEndIncluding":"5.6","matchCriteriaId":"607877D1-B86A-4973-A5D7-D3D0247FC272"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*","matchCriteriaId":"316C8534-9CE3-456C-A04E-5D2B789FBE31"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*","matchCriteriaId":"7BEB67BB-A442-46C2-8BC1-BBEB009AC532"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*","matchCriteriaId":"B6E307F1-C765-409C-835C-133026A5179C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*","matchCriteriaId":"CA997F5E-29FE-454A-9006-001D732CD4B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*","matchCriteriaId":"114134F3-BDFD-465D-8317-82F9D6EFA5A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*","matchCriteriaId":"DAB55300-F90D-45D3-88BC-5ADCEC366264"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*","matchCriteriaId":"F3EC5611-31B5-4253-B99A-E81C202768A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*","matchCriteriaId":"43060323-1B51-45B4-BEB9-0E472896D8EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*","matchCriteriaId":"5441C616-D127-42D9-88AA-0FC9AA16EB03"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*","matchCriteriaId":"EED5E506-9D2B-4CAF-8455-B9BE7696E49C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"EE7CB94E-0479-4939-86F6-0B4BEDE2E739"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*","matchCriteriaId":"78135400-BA1A-42AA-BE17-5588442BCF11"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*","matchCriteriaId":"78F2EDC0-3189-4523-882B-9188C852F793"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*","matchCriteriaId":"CDEF5203-9D6B-4431-BF0D-C81B1E250AEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*","matchCriteriaId":"E2991C07-5486-4590-A74E-46A379DD3339"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*","matchCriteriaId":"4EB9BE06-0A36-4853-ADF4-9C1A1854278A"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*","matchCriteriaId":"8FC57F38-6545-497B-B6DA-FCAF51755988"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*","matchCriteriaId":"EC30FD61-10DA-4C9B-BCE8-AD75DCEB40BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*","matchCriteriaId":"EC1DF4CE-E71C-4C10-9F82-B9ECDC94933F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*","matchCriteriaId":"80C55B73-497D-4A22-9230-A4160BF97344"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*","matchCriteriaId":"0238F009-4BBA-4E6B-9E2A-6045BA9BBE9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*","matchCriteriaId":"4B235167-9554-4431-88C5-9472DD36FCDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*","matchCriteriaId":"580008AC-2667-4708-8F7E-D70416A460EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E05D8E86-EC01-4589-B372-4DEB7845C81F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*","matchCriteriaId":"764AD252-CA2F-4A87-BCAA-7747E8C410E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"CFFAA075-4277-4FD8-8A5A-867EEE1BA2F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*","matchCriteriaId":"269BB9F7-55E5-4CB3-8429-C37C7132799F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*","matchCriteriaId":"C6E6F639-31A0-4026-B6D4-51BA79FB1D20"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*","matchCriteriaId":"0211BCE3-0DED-40BA-8A21-1A97B91F71C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*","matchCriteriaId":"B4EE9E4B-CABC-4EA2-9075-CC23CEB1B0A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*","matchCriteriaId":"5AD7BB30-AC79-4153-852C-1053DCF4DE53"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*","matchCriteriaId":"F48519C6-0C28-49A5-94C7-EF3AA88E2667"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*","matchCriteriaId":"9E188C66-C8F1-4C13-AAFF-7C83B2A884B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*","matchCriteriaId":"9039BE91-AF0A-41E7-8F9F-15375890E120"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*","matchCriteriaId":"08BCB2EA-DF9D-4853-805B-29FA6274E2B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*","matchCriteriaId":"0F93417F-2498-4576-9F5D-B59F77D39669"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*","matchCriteriaId":"AF3AB42C-B614-4746-99AD-E94140D91BF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*","matchCriteriaId":"458167E5-9BC2-40BE-AC8A-9761A4F19494"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*","matchCriteriaId":"3FB9B4C7-4235-4388-8E5D-E72ECCC37A7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*","matchCriteriaId":"86ACA0ED-A3D0-48A7-B06F-13709AD23B55"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*","matchCriteriaId":"0FEB9262-D05E-4610-9C79-3EDE44AC7C0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*","matchCriteriaId":"8176879B-1875-4AC9-B15A-2ABCFCD04F88"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*","matchCriteriaId":"FAA26A12-F96A-4025-BBCA-72B7A3B1E60C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*","matchCriteriaId":"A02751E9-2D38-4495-9572-8D84D71D4773"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.7:*:*:*:*:*:*:*","matchCriteriaId":"7A36BEA2-DAE4-423C-8D85-0F6036351F98"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*","matchCriteriaId":"80DC64F6-FE28-44BA-91D1-EC2DB11B2CFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*","matchCriteriaId":"DF23EBA1-D3A9-413F-9E83-43A91492C031"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.7.1p2:*:*:*:*:*:*:*","matchCriteriaId":"44CCF5CD-B434-4392-A79A-C1945D2AE30A"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.8:*:*:*:*:*:*:*","matchCriteriaId":"AEB456B8-9D8B-4985-858D-6A43FA5EE2E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.8.1:*:*:*:*:*:*:*","matchCriteriaId":"2BD4E0F6-4EEA-4EC7-83E7-FC6F7D2E7A3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.8.1p1:*:*:*:*:*:*:*","matchCriteriaId":"C35F4ABE-1B0C-4195-8F99-BF993A17882B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.9:*:*:*:*:*:*:*","matchCriteriaId":"ADC7352D-2916-47F7-A256-F897D763DC9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.9.1:*:*:*:*:*:*:*","matchCriteriaId":"AEC3FC36-B246-4DCB-8984-228525D9A356"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:3.9.1p1:*:*:*:*:*:*:*","matchCriteriaId":"BC861000-37D8-4B0F-BFA0-57E9BE125B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.0:*:*:*:*:*:*:*","matchCriteriaId":"E003AB3C-8DF3-4AE8-82A3-984F30E5599B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.0p1:*:*:*:*:*:*:*","matchCriteriaId":"5EBE75FE-DDE2-43BA-80EF-15A6698EABC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*","matchCriteriaId":"1FF67D77-02AC-4807-984D-C5AE9799F051"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.1p1:*:*:*:*:*:*:*","matchCriteriaId":"683B26F0-5EA2-455A-8948-27C100BBA3AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.2:*:*:*:*:*:*:*","matchCriteriaId":"E5A75B23-2DD7-4EB2-BEAA-049FF4E51A14"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.2p1:*:*:*:*:*:*:*","matchCriteriaId":"7279E1EC-DEBC-4ACC-925D-06A7697C162F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.3:*:*:*:*:*:*:*","matchCriteriaId":"7910598E-BEC1-4644-9DE4-D8BE505A4F9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.3p1:*:*:*:*:*:*:*","matchCriteriaId":"FB416D0C-6C86-450F-8917-D4B1BD82AB1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.3p2:*:*:*:*:*:*:*","matchCriteriaId":"3640CCC9-EC4A-44A4-B747-7BAAAD3460C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.4:*:*:*:*:*:*:*","matchCriteriaId":"B2DD362E-9EA9-4E88-9A94-D7B471EB1FD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.4p1:*:*:*:*:*:*:*","matchCriteriaId":"E3094069-AC2E-43BD-8094-D48E2526DECC"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.5:*:*:*:*:*:*:*","matchCriteriaId":"9B72CFB3-39C7-469C-AA59-69F5B8993BF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.6:*:*:*:*:*:*:*","matchCriteriaId":"2A7154C4-8325-4495-92B1-B7897CD7303E"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.7:*:*:*:*:*:*:*","matchCriteriaId":"99BF4471-763B-485A-ABD5-C68AD0A14058"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*","matchCriteriaId":"3B042083-6D26-4A91-B3F6-E6D46266FF60"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.8:*:*:*:*:*:*:*","matchCriteriaId":"40B1B209-53B8-48DC-AFFC-BD69D5978A0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:4.9:*:*:*:*:*:*:*","matchCriteriaId":"7212E982-76F2-496C-9F08-EC4137F20804"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:5.0:*:*:*:*:*:*:*","matchCriteriaId":"52D13E08-7B08-44AA-9017-3EE3F6301E10"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:5.1:*:*:*:*:*:*:*","matchCriteriaId":"2FBC7FF1-01EE-40A1-8735-14360A371803"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:5.2:*:*:*:*:*:*:*","matchCriteriaId":"987527F8-8A42-4729-A329-4D2AC8AFD6E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:5.3:*:*:*:*:*:*:*","matchCriteriaId":"93910448-8D6F-4F7E-9C7F-959754ABA50D"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:5.4:*:*:*:*:*:*:*","matchCriteriaId":"3356FDFD-BEA5-45A5-A36B-D1153AFE6C23"},{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:5.5:*:*:*:*:*:*:*","matchCriteriaId":"9394B8AD-AB22-4955-8774-C6BA2B56A260"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2010","CveId":"4478","Ordinal":"1","Title":"CVE-2010-4478","CVE":"CVE-2010-4478","Year":"2010"},"notes":[{"CveYear":"2010","CveId":"4478","Ordinal":"1","NoteData":"OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.","Type":"Description","Title":"CVE-2010-4478"},{"CveYear":"2010","CveId":"4478","Ordinal":"2","NoteData":"2010-12-06","Type":"Other","Title":"Published"},{"CveYear":"2010","CveId":"4478","Ordinal":"3","NoteData":"2017-09-18","Type":"Other","Title":"Modified"}]}}}