Back to search
CVE-2018-15599
Published: Aug 21, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://matt.ucc.asn.au/dropbear/CHANGES
x_refsource_CONFIRM
[debian-lts-announce] 20180827 [SECURITY] [DLA 1476-1] dropbear security update
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now