CVE-1999-1231 Information

Description

ssh 2.0.12 and possibly other versions allows valid user names to attempt to enter the correct password multiple times but only prompts an invalid user name for a password once which allows remote attackers to determine user account names on the server.

Reference

http://www.securityfocus.com/archive/1/14758 https://exchange.xforce.ibmcloud.com/vulnerabilities/2276