CVE-2001-0572 in SSH

Summary

by MITRE

The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.


Analysis

by VulDB Data Team • 10/05/2025

The vulnerability described in CVE-2001-0572 represents a significant information disclosure weakness in SSH protocol implementations that affects both SSH version 1 and SSH version 2 protocols. This vulnerability stems from the design characteristics of the SSH protocol itself rather than specific implementation flaws, making it particularly concerning as it impacts a fundamental security protocol that billions of systems rely upon for secure remote access. The issue manifests when network traffic is captured and analyzed by remote attackers who can exploit the protocol's inherent information leakage mechanisms through passive network sniffing techniques.

The technical flaw in question involves the protocol's handling of certain metadata within the SSH handshake and authentication process. Specifically, the vulnerability allows attackers to infer sensitive information from the packet structure and timing characteristics of SSH communications. When users authenticate using SSH, the protocol reveals information about password lengths through the timing variations in authentication responses, enabling attackers to perform more efficient brute force attacks. Additionally, the protocol exposes details about the cryptographic algorithms being used for authentication, specifically revealing whether RSA or DSA key types are in use. The vulnerability also allows attackers to determine the number of authorized_keys entries in RSA authentication scenarios, which provides attackers with information about the target system's authentication configuration and potentially reveals the complexity of the user's security setup.

The operational impact of this vulnerability extends beyond simple information disclosure to create substantial security risks for systems relying on SSH for remote access. Attackers who can passively monitor network traffic can use the leaked information to significantly reduce the computational complexity of password guessing attacks, making brute force attempts much more successful. The revelation of authentication method types and authorized_keys counts provides attackers with valuable reconnaissance data that can be used to tailor subsequent attack vectors. This vulnerability particularly affects systems where SSH is used for administrative access, as the information leakage can be used to identify high-value targets and optimize attack strategies against specific users or systems. The timing variations in authentication responses that reveal password length information create a direct path for attackers to reduce their search space in password cracking attempts, potentially allowing them to compromise accounts much more quickly than would otherwise be possible.

The vulnerability aligns with several CWE classifications including CWE-200 Information Exposure, CWE-310 Cryptographic Issues, and CWE-254 Security Misconfiguration, and maps to ATT&CK techniques such as T1046 Network Service Scanning and T1562 Impairing Defenses. Organizations affected by this vulnerability should implement immediate mitigations including network segmentation to prevent passive monitoring, deployment of encrypted network monitoring solutions, and implementation of stronger authentication mechanisms such as multi-factor authentication. Additionally, system administrators should consider implementing account lockout policies and monitoring for unusual authentication patterns. The vulnerability also highlights the importance of protocol-level security considerations and the need for cryptographic protocols to be designed with information leakage prevention as a core requirement. Modern SSH implementations have addressed many of these issues through improved protocol design and implementation practices, but legacy systems and improperly configured implementations may still remain vulnerable to similar information disclosure attacks. The vulnerability serves as a critical reminder of the importance of considering side-channel attacks and information leakage in cryptographic protocol design and the necessity of comprehensive security testing that includes passive network analysis scenarios.
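Item (1) of the summary, password lengths or ranges of lengths, can be made concrete with the SSH-2 packet format. The sketch below is an added example, not code from MITRE, VulDB or any SSH implementation: it builds a password authentication request as laid out in RFC 4252, applies the RFC 4253 padding rule, and groups password lengths by the packet size a passive observer would see. The user name, the 8-byte block size and the coarser 64-byte padding quantum are assumptions chosen for illustration.

```python
import struct

BLOCK = 8  # assumption: 8-byte cipher block, the RFC 4253 minimum alignment


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def userauth_password_payload(user: bytes, password: bytes) -> bytes:
    """SSH_MSG_USERAUTH_REQUEST (50) with method 'password' (RFC 4252)."""
    return (b"\x32" + ssh_string(user) + ssh_string(b"ssh-connection")
            + ssh_string(b"password") + b"\x00" + ssh_string(password))


def wire_length(payload_len: int, quantum: int = BLOCK) -> int:
    """Bytes on the wire before the (constant-size) MAC: packet_length(4)
    + padding_length(1) + payload + padding (>= 4), a multiple of quantum."""
    unpadded = 4 + 1 + payload_len
    padding = quantum - (unpadded % quantum)
    if padding < 4:
        padding += quantum
    return unpadded + padding


def length_buckets(user: bytes, quantum: int, max_len: int = 32) -> dict:
    """Map each observable packet size to the password lengths producing it."""
    buckets = {}
    for n in range(1, max_len + 1):
        payload = userauth_password_payload(user, b"x" * n)
        buckets.setdefault(wire_length(len(payload), quantum), []).append(n)
    return buckets


def describe(buckets: dict) -> list:
    """(wire size, shortest password, longest password) per bucket."""
    return [(size, min(v), max(v)) for size, v in sorted(buckets.items())]


if __name__ == "__main__":
    user = b"alice"  # constructed sample user name
    for quantum in (8, 64):
        print(f"padding quantum {quantum}:")
        for size, lo, hi in describe(length_buckets(user, quantum)):
            print(f"  {size:4d} bytes on the wire <- password length {lo}..{hi}")
```

With 8-byte padding, passwords of 1 to 32 characters fall into five distinguishable size classes; with the 64-byte quantum they fall into two, so the observer learns much less about the length.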

Disclosure

08/22/2001

Moderation

accepted

Entry

VDB-17206

CPE

ready

EPSS

0.07032

KEV

no

Activities

very low
