-
Notifications
You must be signed in to change notification settings - Fork 35
OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).
License
trimstray/massh-enum
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
+----------------+ | massh-enum 1.0 | +----------------+ OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473) This script contains Matthew Daley Python script <https://bugfuzz.com/stuff/ssh-check-username.py> License: GPLv3, <http://www.gnu.org/licenses/> Description OpenSSH versions 2.3 up to 7.4 suffer from a username enumeration vulnerability. The attacker can try to authenticate a user with a malformed packet (for example, a truncated packet), and: - if the user is invalid (it does not exist), then userauth_pubkey() returns immediately, and the server sends an SSH2_MSG_USERAUTH_FAILURE to the attacker; - if the user is valid (it exists), then sshpkt_get_u8() fails, and the server calls fatal() and closes its connection to the attacker. More information about this vulnerability: * https://nvd.nist.gov/vuln/detail/CVE-2018-15473 * http://seclists.org/oss-sec/2018/q3/124 How it works? # ./bin/massh-enum --hosts 10.240.20.0/28 --users wordlists/users › Generating a list of hosts › Username Enumeration host: 10.240.20.1 (p:22), found user: root host: 10.240.20.1 (p:22), found user: supervisor host: 10.240.20.2 (p:22), found user: root Requirements - Bash (testing on 4.4.19) - Python (testing on 2.7) - Nmap (testing on 7.70)
About
OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).
Topics
Resources
License
Code of conduct
Stars
Watchers
Forks
Packages 0
No packages published