CVE-2017-2659

It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2659 Issue Tracking Patch Third Party Advisory
https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a#l1.86 Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-03-21 15:59

Updated : 2024-02-04 20:20


NVD link : CVE-2017-2659

Mitre link : CVE-2017-2659

CVE.ORG link : CVE-2017-2659


JSON object : View

Products Affected

dropbear_ssh_project

  • dropbear_ssh
CWE
CWE-287

Improper Authentication

CWE-209

Generation of Error Message Containing Sensitive Information