Lucene search
K

141 matches found

Check Point Advisories
Check Point Advisories
added 2019/01/21 12:0 a.m.33 views

OpenSSH sshd Username Information Disclosure (CVE-2018-15473)

An information disclosure vulnerability exists in OpenSSH. The vulnerability is due to the different ways in which the sshd daemon responds to crafted SSH packets. A successful attack can result in the attacker being able to determine whether a user exists on the system...

5CVSS2.3AI score0.98631EPSS
Exploits23
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.70 views

SUSE SLED15 / SLES15 Security Update : openssh (SUSE-SU-2018:3686-1)

This update for openssh fixes the following issues : CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration o...

5.9CVSS6.8AI score0.98631EPSS
Exploits23References10
OpenVAS
OpenVAS
added 2018/12/04 12:0 a.m.28 views

openSUSE: Security Advisory for openssh (openSUSE-SU-2018:3946-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.9CVSS6.3AI score0.98631EPSS
Exploits23References3
OSV
OSV
added 2018/11/26 4:47 p.m.11 views

SUSE-SU-2018:3910-1 Security update for openssh

This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15473: OpenSSH was prone to a user existance oracle vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully...

5.9CVSS6AI score0.98631EPSS
Exploits23References5
OpenVAS
OpenVAS
added 2018/11/17 12:0 a.m.46 views

openSUSE: Security Advisory for openssh (openSUSE-SU-2018:3801-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.9CVSS6.3AI score0.98631EPSS
Exploits23References2
OSV
OSV
added 2018/11/16 3:2 p.m.17 views

SUSE-SU-2018:3776-1 Security update for openssh

This update for openssh fixes the following issues: Following security issues have been fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not...

5.9CVSS6AI score0.98631EPSS
Exploits23References7
OSV
OSV
added 2018/11/14 1:16 p.m.11 views

SUSE-SU-2018:3768-1 Security update for openssh-openssl1

This update for openssh-openssl1 fixes the following issues: Security issues fixed: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to...

5.9CVSS5.7AI score0.98631EPSS
Exploits23References6
Veracode
Veracode
added 2018/10/02 2:55 a.m.11 views

Timing Attack

pac4j-sql is vulnerable to timing attack. The password encoding of an authentication request is performed after a user is found. This causes a delay and provides hint to an attacker if the user exists...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2018/08/28 4:49 p.m.253 views

CVE-2018-15919

OpenSSH server was found to respond differently to failed GSSAPI authentication attempts when the target user existed versus when that user did not exist. A remote attacker could use this bug to test for the existence of particular usernames on a target system. Mitigation If GSSAPI Authentication...

5.3CVSS3.2AI score0.03557EPSS
Exploits1References2
Prion
Prion
added 2018/08/28 8:29 a.m.466 views

Design/Logic Flaw

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration or...

5CVSS5.1AI score0.03557EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2018/08/28 8:29 a.m.1 views

DEBIAN-CVE-2018-15919

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration or...

5.3CVSS8AI score0.03557EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2018/08/28 12:0 a.m.419 views

CVE-2018-15919

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration or...

5.3CVSS5.4AI score0.03557EPSS
In wildExploits1References5
OSV
OSV
added 2018/08/14 4:29 p.m.5 views

CVE-2018-2448

Under certain conditions SAP SRM-MDM CATALOG versions 3.0, 7.01, 7.02 utilities functionality allows an attacker to access information of user existence which would otherwise be restricted...

5.3CVSS5.8AI score0.01355EPSS
Exploits0References3
Hacker One
Hacker One
added 2016/12/04 11:40 a.m.88 views

Nextcloud: Login Hints on Admin Panel

Hi, Hope you are doing fine. I wanted to inform you regarding the enabling of the login hints on your wp-admin panelhttps://nextcloud.com/wp-login.php. Vulnerability: The admin panel shows very "specific" hint information if a hacker tries for a bruteforcing attack. Steps to reproduce: 1. Navigat...

6.9AI score
Exploits0
OSV
OSV
added 2016/10/28 12:0 a.m.4 views

UBUNTU-CVE-2016-0762

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note...

5.9CVSS6.7AI score0.07991EPSS
Exploits0References5
Atlassian
Atlassian
added 2015/08/05 1:18 a.m.25 views

Username enumeration through the username parameter to the ViewUserHover resource.

It is possible to enumerate usernames through the secure/ViewUserHover resource through the username parameter. JIRA leaks the existence of a username by showing your entire name. 1. Log out of JIRA 2. Go to...

7AI score
Exploits0
NVD
NVD
added 2014/10/17 3:55 p.m.28 views

CVE-2014-2064

The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...

5CVSS6.3AI score0.02952EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2014/10/17 3:55 p.m.4 views

CVE-2014-2064

The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...

5CVSS5.6AI score0.02952EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2014/10/17 3:55 p.m.20 views

CVE-2014-2064

The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts...

5CVSS5.9AI score0.02952EPSS
Exploits0References2
CVE
CVE
added 2014/10/17 3:0 p.m.88 views

CVE-2014-2064

CVE-2014-2064 affects Jenkins: the loadUserByUsername function in HudsonPrivateSecurityRealm.java (Jenkins before 1.551 and LTS before 1.532.2) allows remote attackers to determine whether a user exists via failed login attempts. Impact: information disclosure (user existence). CVSS v2 base score...

5CVSS9.1AI score0.02952EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder