OpenSSH is prone to a user-enumeration vulnerability.
An attacker may leverage this issue to harvest valid user accounts, which may aid in brute-force attacks.
OpenSSH through 7.7 are vulnerable; other versions may also be affected.
Information
Redhat Enterprise Linux 6
Redhat Enterprise Linux 5
OpenSSH OpenSSH 3.4
OpenSSH OpenSSH 3.3
OpenSSH OpenSSH 2.9
OpenSSH OpenSSH 2.5.2
OpenSSH OpenSSH 2.5.1
OpenSSH OpenSSH 2.5
OpenSSH OpenSSH 2.3
OpenSSH OpenSSH 2.1.1
OpenSSH OpenSSH 2.1
OpenSSH OpenSSH 1.2.3
OpenSSH OpenSSH 1.2.2
OpenSSH OpenSSH 7.7
OpenSSH OpenSSH 7.6
OpenSSH OpenSSH 7.4
OpenSSH OpenSSH 7.3
OpenSSH OpenSSH 7.2
OpenSSH OpenSSH 7.1
OpenSSH OpenSSH 7.0
OpenSSH OpenSSH 6.9
OpenSSH OpenSSH 6.8
OpenSSH OpenSSH 6.7
OpenSSH OpenSSH 6.6
OpenSSH OpenSSH 6.5
OpenSSH OpenSSH 6.4
OpenSSH OpenSSH 6.3
OpenSSH OpenSSH 6.2
OpenSSH OpenSSH 6.1
OpenSSH OpenSSH 6.0
OpenSSH OpenSSH 5.8
OpenSSH OpenSSH 5.7
OpenSSH OpenSSH 5.6
OpenSSH OpenSSH 5.5
OpenSSH OpenSSH 4.5
OpenSSH OpenSSH 1.127
OpenSSH OpenSSH 1.126
OpenBSD OpenSSH 6.0
OpenBSD OpenSSH 3.0.2
OpenBSD OpenSSH 2.5.2
OpenBSD OpenSSH 2.3.1
OpenBSD OpenSSH 2.1
OpenBSD OpenSSH 1.2.3
OpenBSD OpenSSH 1.2
OpenBSD OpenSSH 6.6
OpenBSD OpenSSH 6.5
OpenBSD OpenSSH 6.4
OpenBSD OpenSSH 5.9
OpenBSD OpenSSH 5.8
OpenBSD OpenSSH 5.7
OpenBSD OpenSSH 5.4
OpenBSD OpenSSH 5.2
OpenBSD OpenSSH 5.1
OpenBSD OpenSSH 4.9
OpenBSD OpenSSH 4.8
OpenBSD OpenSSH 4.7
OpenBSD OpenSSH 4.6
OpenBSD OpenSSH 4.4
OpenBSD OpenSSH 4.3
OpenBSD OpenSSH 4.2
OpenBSD OpenSSH 4.1
OpenBSD OpenSSH 4.0
Exploit
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
References:
- delay bailout for invalid authenticating user until after the packet (openbsd)
- CVE-2018-15473-Exploit (Rhynorater)
- OpenSSH Homepage (OpenSSH)
- Bug 1619063 - (CVE-2018-15473) CVE-2018-15473 openssh: User enumeration via mal (Redhat)
- CVE-2018-15473 (Redhat)