VDB

CVE-2016-20012

CVE-2016-20012 PUBLISHED

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product

EPSS 8.65% · 92.6th percentile

Risk Scores

EPSS Score
8.65%
92.6th percentile

Affected Products

VendorProductVersions
Ubuntu:20.04:LTSopenssh-ssh11:7.5p1-11build1, 0
Ubuntu:Pro:FIPS:20.04:LTSopenssh0, 1:8.2p1-4ubuntu0.fips.0.2.1
Ubuntu:20.04:LTSopenssh1:8.2p1-4ubuntu0.12, 1:8.2p1-4ubuntu0.11, 1:8.2p1-4ubuntu0.10
Ubuntu:18.04:LTSopenssh-ssh11:7.5p1-8, *, 1:7.5p1-9build1
Ubuntu:Pro:16.04:LTSopenssh*, 0, 1:6.9p1-3
Ubuntu:Pro:FIPS:18.04:LTSopenssh1:7.9p1-10~ubuntu18.04.fips.0.1, 1:7.9p1-10~ubuntu18.04.fips.0.2, 0
Ubuntu:Pro:18.04:LTSopenssh*, *, *
Ubuntu:22.04:LTSopenssh*, 1:8.7p1-4, 1:8.8p1-1
Ubuntu:Pro:FIPS-updates:20.04:LTSopenssh*, 1:8.2p1-4ubuntu0.fips.0.13, 1:8.2p1-4ubuntu0.fips.0.12
Ubuntu:22.04:LTSopenssh-ssh11:7.5p1-13, 0, 1:7.5p1-12
Ubuntu:Pro:14.04:LTSopenssh1:6.6p1-1, 1:6.6p1-2ubuntu2, 1:6.6p1-2ubuntu1
Ubuntu:Pro:FIPS-updates:18.04:LTSopenssh1:7.9p1-10~ubuntu18.04.fips.0.7, 1:7.9p1-10~ubuntu18.04.fips.0.8, 1:7.9p1-10~ubuntu18.04.fips.0.9
Ubuntu:Pro:FIPS:16.04:LTSopenssh*, *, *

Exploit Intelligence

…and 7 more exploits

Timeline

  • Sep 15, 2021 CVE Published
  • Feb 4, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score
  • Jul 16, 2023 EPSS Score
  • Oct 29, 2023 EPSS Score
  • Jan 28, 2024 CVE Updated
  • Feb 12, 2024 EPSS Score
  • May 27, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›