CVE-2017-2659
First published: Wed Mar 20 2019(Updated: )
It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dropbear SSH | <2013.59 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-2659?
CVE-2017-2659 has a medium severity level due to its potential impact on unauthorized access attempts.
How do I fix CVE-2017-2659?
To fix CVE-2017-2659, update Dropbear SSH to version 2013.59 or later.
What is the main issue described in CVE-2017-2659?
The main issue in CVE-2017-2659 is the leaking of username validity during GSSAPI authentication, which can incorrectly affect account lockout policies.
Which versions of Dropbear SSH are affected by CVE-2017-2659?
Dropbear SSH versions prior to 2013.59 are affected by CVE-2017-2659.
Is CVE-2017-2659 a critical vulnerability?
No, CVE-2017-2659 is not classified as a critical vulnerability, but it poses risks that should be addressed promptly.
- agent/references
- agent/type
- agent/weakness
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dropbear ssh project
- canonical/dropbear ssh