6 matches found
SUSE CVE-2018-15599
The recvmsguserauthrequest function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSHMSGUSERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase...
Design/Logic Flaw
Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599...
MGASA-2018-0384 Updated dropbear packages fix security vulnerability
Dropbear is prone to a user enumeration vulnerability CVE-2018-15599. An external user without credentials can determine whether a given username exists on a server...
Debian DLA-1476-1 : dropbear security update
A vulnerability in dropbear, a lightweight SSH2 server and client, making it possible to guess valid usernames has been found : CVE-2018-15599 : The recvmsguserauthrequest function in svr-auth.c in is prone to a user enumeration vulnerability, similar to CVE-2018-15473 in OpenSSH. For Debian 8...
CVE-2018-15599
CVE-2018-15599 affects Dropbear up to version 2018.76, where recv_msg_userauth_request in svr-auth.c allows user enumeration because handling of SSH_MSG_USERAUTH fields varies with username validity. The NVD metrics show CVSS v3 base 5.3 (network, low complexity, no user interaction) and CVSS v2 ...
CVE-2018-15599
The recvmsguserauthrequest function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSHMSGUSERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase...