CVE-2016-20012
Vulnerability from cvelistv5
Published
2021-09-15 19:32
Modified
2024-08-06 03:47
Severity ?
Summary
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:47:34.948Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openssh/openssh-portable/pull/270"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://rushter.com/blog/public-ssh-keys/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211014-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2018/08/24/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-22T22:24:33",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openssh/openssh-portable/pull/270"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://rushter.com/blog/public-ssh-keys/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211014-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2018/08/24/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-20012",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/openssh/openssh-portable/pull/270",
              "refsource": "MISC",
              "url": "https://github.com/openssh/openssh-portable/pull/270"
            },
            {
              "name": "https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265",
              "refsource": "MISC",
              "url": "https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265"
            },
            {
              "name": "https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak",
              "refsource": "MISC",
              "url": "https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak"
            },
            {
              "name": "https://rushter.com/blog/public-ssh-keys/",
              "refsource": "MISC",
              "url": "https://rushter.com/blog/public-ssh-keys/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211014-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211014-0005/"
            },
            {
              "name": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097",
              "refsource": "MISC",
              "url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2018/08/24/1",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2018/08/24/1"
            },
            {
              "name": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185",
              "refsource": "MISC",
              "url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-20012",
    "datePublished": "2021-09-15T19:32:11",
    "dateReserved": "2021-09-15T00:00:00",
    "dateUpdated": "2024-08-06T03:47:34.948Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-20012\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-09-15T20:15:07.310\",\"lastModified\":\"2024-08-06T04:16:44.247\",\"vulnStatus\":\"Modified\",\"cveTags\":[{\"sourceIdentifier\":\"cve@mitre.org\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product\"},{\"lang\":\"es\",\"value\":\"** EN DISPTUTA ** OpenSSH versiones hasta 8.7, permite a atacantes remotos, que presentan la sospecha de que una determinada combinaci\u00f3n de nombre de usuario y clave p\u00fablica es conocida por un servidor SSH, comprobar si esta sospecha es correcta. Esto ocurre porque es enviado un desaf\u00edo s\u00f3lo cuando esa combinaci\u00f3n podr\u00eda ser v\u00e1lida para una sesi\u00f3n de inicio de sesi\u00f3n. NOTA: el proveedor no reconoce la enumeraci\u00f3n de usuarios como una vulnerabilidad para este producto\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.7\",\"matchCriteriaId\":\"2E1A0346-2185-4EE6-AC3A-DE31E6A21AE4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FE996B1-6951-4F85-AA58-B99A379D2163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3C19813-E823-456A-B1CE-EC0684CE1953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7CF3019-975D-40BB-A8A4-894E62BD3797\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737\"}]}]}],\"references\":[{\"url\":\"https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/openssh/openssh-portable/pull/270\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://rushter.com/blog/public-ssh-keys/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20211014-0005/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2018/08/24/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.