This Metasploit module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The default action sends a malformed (corrupted) SSH_MSG_USERAUTH_REQUEST packet using public key authentication (must be enabled) to enumerate users. On some versions of OpenSSH under some configurations, OpenSSH will return a "permission denied" error for an invalid user faster than for a valid user, creating an opportunity for a timing attack to enumerate users. Testing note: invalid users were logged, while valid users were not. YMMV.
1ffbd9886232ee7c1bbcfa4f8a71da9745e371936b0cb186036866d08b29bde5Ubuntu Security Notice 3809-2 - USN-3809-1 fixed vulnerabilities in OpenSSH. The update for CVE-2018-15473 was incomplete and could introduce a regression in certain environments. This update fixes the problem. Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.
bbf5618081288ef9f000d1c20b8bcd450a9fedd47655c41a8c2f028a9adbe2a3Red Hat Security Advisory 2019-2143-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. A user enumeration issue has been addressed.
c854de43ca637e60fab4cde71bfb15f7bca9bd87fdb75a7b653e028e13bf89d8Red Hat Security Advisory 2019-0711-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. A user enumeration vulnerability has been addressed.
17d482361c54b18db02df6f946c0410ecfdce8f4d95c51ec96f5bb8b8671bbceOpenSSH versions prior to 7.7 suffer from a user enumeration vulnerability.
4859577142cc1049d3959af66839a236a04781ada4ed91ed9ebe565b43f98029Ubuntu Security Notice 3809-1 - Robert Swiecki discovered that OpenSSH incorrectly handled certain messages. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. It was discovered that OpenSSH incorrectly handled certain requests. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.
a84cfe92dbfe11614adbc141355e26a2d23aae9a63b987c3e12f8f9574c9b486Gentoo Linux Security Advisory 201810-3 - A vulnerability in OpenSSH might allow remote attackers to determine valid usernames. Versions less than 7.7_p1-r8 are affected.
4eaeadcd0ccfca140343f9021fc9940509d2cb19aa94d8936aad31440773226bDebian Linux Security Advisory 4280-1 - Dariusz Tytko, Michal Sajdak and Qualys Security discovered that OpenSSH, an implementation of the SSH protocol suite, was prone to a user enumeration vulnerability. This would allow a remote attacker to check whether a specific user account existed on the target server.
2ed45514e65d9fdb3cbf5ee545aebf49a71c01525b82238042764a8d74bf6efd
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed