vulnerability report - 29369
gaurang maheta
mahetagaurang22 at gmail.com
Tue Nov 29 01:12:29 EST 2022
*Hello Team *
I Gaurang Maheta found a security issue in your system
.TiTLE :
OpenSSH Username Enumeration <= v7.7
severity: medium
description: OpenSSH through 7.7 is prone to a user enumeration
vulnerability due to not delaying bailout for an invalid authenticating
user until after the packet containing the request has been fully parsed,
related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Step To Reproduce
stats.pidgin.im:22 [SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u8]
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2018-15473
cwe-id: CWE-362
tags: network,openssh,cve,cve2018
Best regards,
gaurang
More information about the security
mailing list