The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 8.0 | |
dropbear_ssh | le | 2018.76 |