Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-15919

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

Related bugs and status

CVE-2018-15919 (Candidate) is related to these bugs:

Bug #1934501: CVE-2018-15473 patch introduce user enumeration vulnerability

Summary				In	Importance	Status
	1934501	CVE-2018-15473 patch introduce user enumeration vulnerability		openssh (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://seclists.org/os...
BID: 105163
CONFIRM: https://security.netap...