CVE-2017-2659 Vulnerability Details

  /     /     /  

CVE-2017-2659 Metadata Quick Info

CVE Published: 20/03/2019 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: redhat | Vendor: [UNKNOWN] | Product: dropbear
Status : PUBLISHED

---

CVE-2017-2659 Description

It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-209
CWE Name: CWE-209
Source: [UNKNOWN]

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).