CVE-2016-20012 PUBLISHED

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product.

EPSS 14.60% · 94.4th percentile

Affected Products

Vendor | Product | Versions
Ubuntu:20.04:LTS | openssh-ssh1 | 0, 1:7.5p1-11build1
Ubuntu:Pro:FIPS:20.04:LTS | openssh | 0, 1:8.2p1-4ubuntu0.fips.0.2.1
Ubuntu:20.04:LTS | openssh | 1:8.2p1-4ubuntu0.4, 1:8.2p1-4ubuntu0.5, 1:8.2p1-4ubuntu0.7
Ubuntu:18.04:LTS | openssh-ssh1 | 0, 1:7.5p1-10, 1:7.5p1-9build1
Ubuntu:Pro:16.04:LTS | openssh | 1:7.2p2-4ubuntu2.10+esm3, 1:7.2p2-4ubuntu2.10+esm4, 1:7.2p2-4ubuntu2.10+esm5
Ubuntu:Pro:FIPS:18.04:LTS | openssh | 1:7.9p1-10~ubuntu18.04.fips.0.2, 0, 1:7.9p1-10~ubuntu18.04.fips.0.1
Ubuntu:Pro:18.04:LTS | openssh | 0, 1:7.5p1-10, 1:7.6p1-4
Ubuntu:22.04:LTS | openssh | 1:8.9p1-3, 1:8.9p1-3ubuntu0.13, 1:8.9p1-3ubuntu0.11
Ubuntu:Pro:FIPS-updates:20.04:LTS | openssh | 1:8.2p1-4ubuntu0.fips.0.7, 1:8.2p1-4ubuntu0.fips.0.4.0, 1:8.2p1-4ubuntu0.fips.0.10
Ubuntu:22.04:LTS | openssh-ssh1 | 1:7.5p1-12build1, 1:7.5p1-12, 1:7.5p1-13
Ubuntu:Pro:14.04:LTS | openssh | 1:6.6p1-2ubuntu2.8, 1:6.2p2-6, 1:6.2p2-6ubuntu1
Ubuntu:Pro:FIPS-updates:18.04:LTS | openssh | 1:7.9p1-10~ubuntu18.04.fips.0.10, 1:7.9p1-10~ubuntu18.04.fips.0.9, 1:7.9p1-10~ubuntu18.04.fips.0.8
Ubuntu:Pro:FIPS:16.04:LTS | openssh | 1:7.2p2-4ubuntu2.fips.2.10.1, 1:7.2p2-4ubuntu2.fips.2.2.1, 1:7.2p2-4ubuntu2.fips.2.2
