CVE-2016-20012

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product

CVSS v3 5.3 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265	Exploit Third Party Advisory
https://github.com/openssh/openssh-portable/pull/270	Patch Third Party Advisory
https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097	Issue Tracking Third Party Advisory
https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185	Issue Tracking Third Party Advisory
https://rushter.com/blog/public-ssh-keys/	Exploit Third Party Advisory
https://security.netapp.com/advisory/ntap-20211014-0005/	Third Party Advisory
https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak	Third Party Advisory
https://www.openwall.com/lists/oss-security/2018/08/24/1	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:netapp:clustered_data_ontap:-:::::::*
	cpe:2.3:a:netapp:hci_management_node:-:::::::*
	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
	cpe:2.3:a:netapp:solidfire:-:::::::*

History

No history.

Information

Published : 2021-09-15 20:15

Updated : 2024-05-17 01:08

NVD link : CVE-2016-20012

Mitre link : CVE-2016-20012

CVE.ORG link : CVE-2016-20012

JSON object : View

Products Affected

openbsd

openssh

netapp

clustered_data_ontap
hci_management_node
ontap_select_deploy_administration_utility
solidfire

CWE

NVD-CWE-Other

{"id": "CVE-2016-20012", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2021-09-15T20:15:07.310", "references": [{"url": "https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/openssh/openssh-portable/pull/270", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-920577097", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/openssh/openssh-portable/pull/270#issuecomment-943909185", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://rushter.com/blog/public-ssh-keys/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20211014-0005/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.openwall.com/lists/oss-security/2018/08/24/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product"}, {"lang": "es", "value": "** EN DISPTUTA ** OpenSSH versiones hasta 8.7, permite a atacantes remotos, que presentan la sospecha de que una determinada combinaci\u00f3n de nombre de usuario y clave p\u00fablica es conocida por un servidor SSH, comprobar si esta sospecha es correcta. Esto ocurre porque es enviado un desaf\u00edo s\u00f3lo cuando esa combinaci\u00f3n podr\u00eda ser v\u00e1lida para una sesi\u00f3n de inicio de sesi\u00f3n. NOTA: el proveedor no reconoce la enumeraci\u00f3n de usuarios como una vulnerabilidad para este producto"}], "lastModified": "2024-05-17T01:08:38.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E1A0346-2185-4EE6-AC3A-DE31E6A21AE4", "versionEndIncluding": "8.7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163"}, {"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953"}, {"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797"}, {"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2016-20012

5.3^/10

4.3^/10

Attach tags to `CVE-2016-20012`