CVE-2018-15919

2018-08-28T08:29:00
ID CVE-2018-15919
Type cve
Reporter cve@mitre.org
Modified 2019-03-07T16:29:00

Description

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'