CVE-2009-1273

CVE-2009-1273 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.

Learn more about our User Device Pen Test.