CVE-2018-15599

MEDIUM

Debian Linux < 2018.76 - Information Disclosure

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-15599. PoCs published by Remnant-DB.

AI-analyzed exploit summary This repository provides a containerized lab environment for testing CVE-2018-15599, a user enumeration vulnerability in Dropbear SSH. It includes a Dockerfile to build a vulnerable Dropbear instance and scripts to run it, allowing users to practice defensive analysis and hardening validation.

Description

The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.

Exploits (1)

nomisec WORKING POC

by Remnant-DB · poc

https://github.com/Remnant-DB/CVE-2018-15599

View Code ZIP pw:eip

This repository provides a containerized lab environment for testing CVE-2018-15599, a user enumeration vulnerability in Dropbear SSH. It includes a Dockerfile to build a vulnerable Dropbear instance and scripts to run it, allowing users to practice defensive analysis and hardening validation.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Dropbear SSH 2018.76

No auth needed

Prerequisites: Docker or Podman · Network access to the container

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Mar 09, 2026 Full analysis →

References (5)

Core 5

Core References

Various Sources x_refsource_confirm

https://matt.ucc.asn.au/dropbear/CHANGES

Mailing List, Third Party Advisory x_refsource_misc

http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002109.html

Mailing List, Third Party Advisory x_refsource_misc

http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2018/08/msg00026.html

Third Party Advisory x_refsource_misc

https://old.reddit.com/r/blackhat/comments/97ywnm/openssh_username_enumeration/e4e05n2/

Scores

CVSS v3 5.3

EPSS 0.0271

EPSS Percentile 84.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (2)

debian/debian_linux 8.0

dropbear_ssh_project/dropbear_ssh < 2018.76

Published Aug 21, 2018

Tracked Since Feb 18, 2026