Lucene search
K

6 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:24 a.m.4 views

SUSE CVE-2018-15599

The recvmsguserauthrequest function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSHMSGUSERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase...

5.3CVSS6.9AI score0.02709EPSS
Exploits0References2
Prion
Prion
added 2020/12/30 8:15 p.m.27 views

Design/Logic Flaw

Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599...

5CVSS5.1AI score0.02709EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/09/21 4:26 p.m.4 views

MGASA-2018-0384 Updated dropbear packages fix security vulnerability

Dropbear is prone to a user enumeration vulnerability CVE-2018-15599. An external user without credentials can determine whether a given username exists on a server...

5.3CVSS5.1AI score0.02709EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/08/28 12:0 a.m.53 views

Debian DLA-1476-1 : dropbear security update

A vulnerability in dropbear, a lightweight SSH2 server and client, making it possible to guess valid usernames has been found : CVE-2018-15599 : The recvmsguserauthrequest function in svr-auth.c in is prone to a user enumeration vulnerability, similar to CVE-2018-15473 in OpenSSH. For Debian 8...

5.9CVSS6.5AI score0.98631EPSS
Exploits23References3
CVE
CVE
added 2018/08/21 1:0 a.m.270 views

CVE-2018-15599

CVE-2018-15599 affects Dropbear up to version 2018.76, where recv_msg_userauth_request in svr-auth.c allows user enumeration because handling of SSH_MSG_USERAUTH fields varies with username validity. The NVD metrics show CVSS v3 base 5.3 (network, low complexity, no user interaction) and CVSS v2 ...

5.3CVSS5.8AI score0.02709EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2018/08/21 1:0 a.m.149 views

CVE-2018-15599

The recvmsguserauthrequest function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSHMSGUSERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase...

5.3CVSS6.2AI score0.02709EPSS
Exploits0
Rows per page
Query Builder