CVE-2001-1382
First published: Thu Sep 27 2001(Updated: )
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenSSH | <=2.9.9p2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2001-1382?
CVE-2001-1382 has a medium severity level due to its potential to allow remote attackers to exploit echo packet behavior.
How do I fix CVE-2001-1382?
To fix CVE-2001-1382, upgrade OpenSSH to version 2.9.9p3 or later.
What does CVE-2001-1382 exploit in OpenSSH?
CVE-2001-1382 exploits the 'echo simulation' traffic analysis countermeasure, potentially revealing information about its usage.
Is CVE-2001-1382 present in the latest OpenSSH versions?
No, CVE-2001-1382 is not present in OpenSSH versions later than 2.9.9p2.
Who is affected by CVE-2001-1382?
Users running OpenSSH versions prior to 2.9.9p3 are affected by CVE-2001-1382.
- agent/references
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/openbsd
- canonical/openssh
- version/openssh/2.9.9p2