vulnerability report - 29369

gaurang maheta mahetagaurang22 at gmail.com
Tue Nov 29 01:12:29 EST 2022


Hello Team,
I, Gaurang Maheta, found a security issue in your system.


Title:
OpenSSH Username Enumeration <= v7.7

severity: medium
description: OpenSSH through 7.7 is prone to a user enumeration
vulnerability due to not delaying bailout for an invalid authenticating
user until after the packet containing the request has been fully parsed,
related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.


Steps to Reproduce
stats.pidgin.im:22 [SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u8]

classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2018-15473
cwe-id: CWE-362
tags: network,openssh,cve,cve2018

Best regards,
gaurang

