New Search

SSH as implemented in OpenSSH before 4.0 and possibly other implementations stores hostnames IP addresses and keys in plaintext in the known_hosts file which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.

oval:org.mitre.oval:def:10201

SSH as implemented in OpenSSH before 4.0 and possibly other implementations stores hostnames IP addresses and keys in plaintext in the known_hosts file which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 4
  • CentOS Linux 4
  • Oracle Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2005-2666
Product(s):