CVE-2017-2659

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-2659
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-2659.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-2659
Downstream
Published
2019-03-21T15:59:57.093Z
Modified
2026-03-14T14:27:47.685902Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "2013.59"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-2659.json"