Vulnerability Database
296,733
Total vulnerabilities in the database
CVE-2018-15599
The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.
| Software | From | Fixed in |
|---|---|---|
| debian / debian_linux | 8.0 | 8.0.x |
| dropbear_ssh_project / dropbear_ssh | - | 2018.76.x |
- http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
- http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002109.html
- https://lists.debian.org/debian-lts-announce/2018/08/msg00026.html
- https://matt.ucc.asn.au/dropbear/CHANGES
- https://old.reddit.com/r/blackhat/comments/97ywnm/openssh_username_enumeration/e4e05n2/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime