CVE-2018-15599

MEDIUM

Debian Linux < 2018.76 - Information Disclosure

Title source: rule

Description

The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.

Exploits (1)

nomisec WORKING POC

by Remnant-DB · poc

https://github.com/Remnant-DB/CVE-2018-15599

View Code ZIP pw:eip

References (5)

[Various Sources] https://matt.ucc.asn.au/dropbear/CHANGES

[Mailing List, Third Party Advisory] http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html

[Mailing List, Third Party Advisory] http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002109.html

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2018/08/msg00026.html

[Third Party Advisory] https://old.reddit.com/r/blackhat/comments/97ywnm/openssh_username_enumeration/e4e05n2/

Scores

CVSS v3 5.3

EPSS 0.0052

EPSS Percentile 66.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (2)

debian/debian_linux

dropbear_ssh_project/dropbear_ssh < 2018.76

Timeline

Published Aug 21, 2018

Tracked Since Feb 18, 2026