
CVE-2018-15473

Date: August 17, 2018

Overview

OpenSSH, the open-source version of the Secure Shell (SSH), is a suite of utilities used to secure network connections. Its affected versions could allow remote attackers to send specially crafted requests to enumerate valid usernames on a target OpenSSH server.

Details

The CVE-2018-15473 vulnerability could enable perpetrators to fetch confidential user data. This occurs because the affected OpenSSH versions fail to delay bailout for invalid user authentication requests until after the packet containing the request has been completely parsed. It is related to the auth2-pubkey.c, auth2-hostbased.c, and auth2-gss.c files. A remote perpetrator can exploit this vulnerability to test whether a user exists on a target system. When carrying out the username enumeration, the perpetrator can attempt to authenticate a user with a nefarious packet, such as a truncated packet. Then, if the username is valid (exists), the attacker can make the server return the validated user details, which can be used for staging other types of attacks.

Affected Environments

CVE-2018-15473 affects all OpenSSH versions up to version 7.7. The tested susceptible versions go back as far as OpenSSH 2.3.0, which was released in November 2000.

Remediation

To fix this user enumeration vulnerability, upgrade to an OpenSSH version higher than 7.7. The latest OpenSSH releases are patched with sufficient validation of authentication request packets.

Prevention

Use the latest OpenSSH version. Set up your system’s firewall to limit the origin and rate of incoming SSH connections. This will reduce the effect of this attack because it needs a new TCP connection for every tested username.
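Because each tested username costs one TCP connection, enumeration shows up in the sshd log as a burst of connections from one source. The following is an added example, not part of the original advisory: a sliding-window detector over constructed log lines, assuming sshd runs with `LogLevel VERBOSE`; the function name `flag_bursts` and the thresholds are illustrative choices.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (documentation addresses). Assumes sshd runs with
# LogLevel VERBOSE, which logs one "Connection from" line per TCP connection.
SAMPLE_LOG = """\
Aug 17 10:00:01 gw sshd[2101]: Connection from 203.0.113.7 port 40110 on 192.0.2.10 port 22
Aug 17 10:00:02 gw sshd[2102]: Connection from 203.0.113.7 port 40112 on 192.0.2.10 port 22
Aug 17 10:00:03 gw sshd[2103]: Connection from 198.51.100.4 port 51822 on 192.0.2.10 port 22
Aug 17 10:00:04 gw sshd[2104]: Connection from 203.0.113.7 port 40114 on 192.0.2.10 port 22
Aug 17 10:00:05 gw sshd[2105]: Connection from 203.0.113.7 port 40116 on 192.0.2.10 port 22
Aug 17 10:00:06 gw sshd[2106]: Connection from 203.0.113.7 port 40118 on 192.0.2.10 port 22
Aug 17 10:09:30 gw sshd[2107]: Connection from 198.51.100.4 port 51990 on 192.0.2.10 port 22
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Connection from (\S+) port \d+"
)

def flag_bursts(log_text, max_conns=4, window=timedelta(seconds=60), year=2018):
    """Return {source_ip: peak connection count} for sources that opened
    more than max_conns connections within any sliding window."""
    recent = defaultdict(deque)    # source -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # ignore unrelated sshd messages
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        src = m.group(2)
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop connections older than the window
            q.popleft()
        if len(q) > max_conns:
            flagged[src] = max(flagged.get(src, 0), len(q))
    return flagged

if __name__ == "__main__":
    for src, peak in flag_bursts(SAMPLE_LOG).items():
        print(f"{src}: {peak} connections within 60s")
```

The same threshold can guide the firewall rate limit: a value that flags bursts in the log without catching normal administrative logins is a reasonable starting point for the connection limit.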

Language: C

Good to know:


Information Leak / Disclosure

CWE-200

Race Conditions

CWE-362

Upgrade Version

Upgrade to version 7.8


Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): None
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Partial
Integrity (I): None
Availability (A): None