2
Candidate: CVE-2006-5229
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5229
6
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and
7
versions, and possibly under limited configurations, allows remote
8
attackers to determine valid usernames via timing discrepancies in which
9
responses take longer for valid usernames than invalid ones, as
10
demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue
11
is dependent on the use of manually-set passwords that causes delays when
12
processing /etc/shadow due to an increased number of rounds.
15
kees> up to administrators to resolve module usage
22
dapper_openssh: ignored
24
feisty_openssh: ignored
25
devel_openssh: ignored