VYPR

Pam SSH

by Pam SSH

CVEs (2)

  • CVE-2009-1273Apr 8, 2009
    risk 0.00cvss epss 0.01

    pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.

  • CVE-2007-0844Feb 8, 2007
    risk 0.00cvss epss 0.01

    The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.