Your submission was sent successfully! Close

CVE-2013-4434

Published: 25 October 2013

Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames.

Priority

Medium

Status

Package Release Status
dropbear
Launchpad, Ubuntu, Debian
Upstream
Released (2013.59)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(2013.60-1ubuntu2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [2013.60-1ubuntu2])
Patches:
Upstream: https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a