VDB

RHSA-2003%3A222

RHSA-2003%3A222 PUBLISHED

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

Affected Products

VendorProductVersions
Red HatRed Hat Linux 7.2
Red HatRed Hat Linux 8.0
Red HatRed Hat Linux 7.1
Red HatRed Hat Linux 7.3
Red HatRed Hat Linux 9

Exploit Intelligence

Timeline

  • Jul 29, 2003 CVE Published
  • Nov 21, 2025 CVE Updated
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›