VDB
DEBIAN-CVE-2016-20012
DEBIAN-CVE-2016-20012
PUBLISHED
CVSS 5.300000190734863 MEDIUM
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product
Risk Scores
CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | openssh | 0, *, * |
| Debian:11 | openssh | 1:9.6p1-1, 0, 10.0 |
| Debian:13 | openssh | 1:10.2p1-3, 1:10.2p1-4, 1:10.2p1-5 |
| Debian:12 | openssh | 1:9.2p1-2+deb12u8, 1:9.2p1-2+deb12u9, 1:9.3p1-1 |
Timeline
- Sep 15, 2021 CVE Published
- Apr 28, 2026 CVE Updated