{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2006-5229","title":"Title"},{"category":"description","text":"OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime.  NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2006-5229","url":"https://www.suse.com/security/cve/CVE-2006-5229"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1105010 for CVE-2006-5229","url":"https://bugzilla.suse.com/1105010"},{"category":"external","summary":"SUSE Bug 874752 for CVE-2006-5229","url":"https://bugzilla.suse.com/874752"},{"category":"external","summary":"SUSE Bug 881234 for CVE-2006-5229","url":"https://bugzilla.suse.com/881234"}],"title":"SUSE CVE CVE-2006-5229","tracking":{"current_release_date":"2025-07-03T00:35:48Z","generator":{"date":"2023-02-15T06:14:11Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2006-5229","initial_release_date":"2023-02-15T06:14:11Z","revision_history":[{"date":"2023-02-15T06:14:11Z","number":"2","summary":"Current version"},{"date":"2023-06-22T03:13:27Z","number":"3","summary":"Current version"},{"date":"2025-06-26T05:58:56Z","number":"4","summary":"Current version"},{"date":"2025-07-03T00:35:48Z","number":"5","summary":"Current version"}],"status":"interim","version":"5"}}}