{"id":"CVE-2013-4434","details":"Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames.","modified":"2026-04-16T06:22:34.982371957Z","published":"2013-10-25T23:55:03Z","references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2013-10/msg00061.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2013-11/msg00046.html"},{"type":"ADVISORY","url":"http://secunia.com/advisories/55173"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2013/10/16/11"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/62993"},{"type":"ADVISORY","url":"https://matt.ucc.asn.au/dropbear/CHANGES"},{"type":"ADVISORY","url":"https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a"},{"type":"ADVISORY","url":"https://support.citrix.com/article/CTX216642"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2013/10/16/11"},{"type":"FIX","url":"https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a"}],"schema_version":"1.7.5"}