CVE-2018-15599

The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.
Configurations

Configuration 1 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-08-21 01:29

Updated : 2024-02-04 20:03


NVD link : CVE-2018-15599

Mitre link : CVE-2018-15599

CVE.ORG link : CVE-2018-15599


JSON object : View

Products Affected

debian

  • debian_linux

dropbear_ssh_project

  • dropbear_ssh
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor