Unrated severityNVD Advisory· Published Oct 10, 2006· Updated Apr 23, 2026

CVE-2006-5229

Description

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.

Affected products

OpenBSD/OpenSSH
cpe:2.3:a:openbsd:openssh:4.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/25979nvdVendor Advisory
www.vupen.com/english/advisories/2007/2545nvdVendor Advisory
www.osvdb.org/32721nvd
www.securityfocus.com/archive/1/448025/100/0/threadednvd
www.securityfocus.com/archive/1/448108/100/0/threadednvd
www.securityfocus.com/archive/1/448156/100/0/threadednvd
www.securityfocus.com/archive/1/448702/100/0/threadednvd
www.securityfocus.com/bid/20418nvd
www.sybsecurity.com/hack-proventia-1.pdfnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.045
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000