Vulnerability & Exploit Database

Displaying all 5 entries

Results for: CVE-2018-15473 Back to search

Gentoo Linux: CVE-2018-15473: OpenSSH: User enumeration vulnerability Vulnerability

  • Severity: 4
  • Published: August 17, 2018

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

Debian: CVE-2018-15473: openssh -- security update Vulnerability

  • Severity: 4
  • Published: August 17, 2018

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

Amazon Linux AMI: CVE-2018-15473: Security patch for openssh (ALAS-2018-1075) Vulnerability

  • Severity: 4
  • Published: August 17, 2018

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

SSH Username Enumeration Exploit

Disclosed:

This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The default action sends a malformed (corrupted) SSH_MSG_USERAUTH_REQUEST packet using public key authentication (must be enabled) to enumerate users. On some versions of OpenSSH under some configurations, OpenSSH will ...