CVE-1999-0310 in SSHinfo

Summary

by MITRE

SSH 1.2.25 on HP-UX allows access to new user accounts.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 04/17/2026

The vulnerability described in CVE-1999-0310 represents a critical security flaw in SSH version 1.2.25 running on HP-UX operating systems that allows unauthorized access to newly created user accounts. This issue stems from improper access control mechanisms within the SSH implementation that fails to properly validate user credentials or account status during authentication processes. The vulnerability specifically affects systems where new user accounts are created but not properly secured against unauthorized access attempts, creating a window of opportunity for attackers to exploit the system.

This technical flaw operates at the authentication layer of the SSH protocol implementation, where the system fails to enforce proper account validation checks. The vulnerability can be categorized under CWE-284, which addresses improper access control, and aligns with ATT&CK technique T1110.003 for credential access through brute force methods. The issue manifests when the SSH service does not properly verify account status or authentication parameters for newly created user accounts, allowing potential attackers to gain access before proper account restrictions are enforced.

The operational impact of this vulnerability extends beyond simple unauthorized access to encompass potential system compromise and data breaches. Attackers exploiting this vulnerability can establish persistent access to systems, potentially escalating privileges and moving laterally within networks. The vulnerability affects HP-UX systems specifically, which are commonly used in enterprise environments for mission-critical applications, making the impact particularly severe for organizations relying on these platforms. The timeframe for exploitation is immediate upon account creation, creating a significant window of vulnerability that can be exploited by malicious actors.

Mitigation strategies for CVE-1999-0310 require immediate system updates and configuration hardening. Organizations should upgrade to patched versions of SSH software that properly implement account validation mechanisms and enforce proper access controls. System administrators must implement strict account management policies that ensure proper account provisioning and immediate enforcement of access controls upon account creation. Network segmentation and monitoring controls should be deployed to detect unauthorized access attempts. The vulnerability also highlights the importance of following security best practices outlined in NIST SP 800-53 for access control and authentication mechanisms, ensuring that all user accounts are properly validated and secured against unauthorized access attempts.

Disclosure

09/01/1998

Moderation

accepted

Entry

VDB-14215

CPE

ready

EPSS

0.01489

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!