VDB
DEBIAN-CVE-2018-15473
DEBIAN-CVE-2018-15473
PUBLISHED
CVSS 5.300000190734863 MEDIUM
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | openssh | |
| Debian:13 | openssh | 0, 0, 0 |
| Debian:11 | openssh | 0, 0, 0 |
| Debian:12 | openssh | 0, 0, 0 |
| Debian:14 | openssh | 0, 0, 0 |
Exploit Intelligence
- 🛡️ SSH User Enumeration (CVE-2018-15473). Python 3, multihilo y calibración anti-falsos positivos. 🧵 (github-poc-repo)
- 🛡️ SSH User Enumeration (CVE-2018-15473). Python 3, multihilo y calibración anti-falsos positivos. 🧵 (github-poc)
- Fully functional script for brute forcing SSH and trying credentials - CVE-2018-15473 (github-poc-repo)
- This is a exp of CVE-2018-15473 (github-poc-repo)
- OpenSSH 用户名枚举漏洞(CVE-2018-15473) (github-poc-repo)
- SSH account enumeration verification script(CVE-2018-15473) (github-poc-repo)
- Checks a list of SSH servers for password-based auth availability and for the existence of SSH user enumeration vulnerability (CVE-2018-15473) in those identified. (github-poc-repo)
- CVE-2018-15473-Exploit (github-poc-repo)
- OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473). (github-poc-repo)
- OpenSSH 7.7 - Username Enumeration (github-poc-repo)
…and 84 more exploits
Timeline
- Aug 17, 2018 CVE Published
- Jan 2, 2019 PoC Published
- Apr 28, 2026 CVE Updated