Overview
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'
CVSS Score
5.3 (low severity)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: Low
- Integrity: None
- Availability: None
- CVE: CVE-2018-15919
- CWE: CWE-200
- Snyk ID: SNYK-UBUNTU1804-OPENSSH-368621
- Disclosed: 28 Aug, 2018
- Published: 25 Sep, 2018