Lucene search
Redhat.comRH:CVE-2018-15919HistoryAug 28, 2018 - 4:49 p.m.
CVE-2018-15919
2018-08-2816:49:59
redhat.com
access.redhat.com
195
0.003 Low
EPSS
Percentile
65.7%
OpenSSH server was found to respond differently to failed GSSAPI authentication attempts when the target user existed versus when that user did not exist. A remote attacker could use this bug to test for the existence of particular usernames on a target system.
Mitigation
If GSSAPI Authentication is not required, this flaw can be mitigated by changing the global configuration in /etc/ssh/sshd_config from GSSAPIAuthentication yes to GSSAPIAuthentication no.
Related
openvas
openvas
OpenSSH 'auth2-gss.c' User Enumeration Vulnerability - Windows
2018-09-05 00:00:00
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2020-1521)
2020-04-30 00:00:00
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2020-1170)
2020-02-25 00:00:00
ibm
ibm
ubuntucve
ubuntucve
CVE-2018-15919
2018-08-28 00:00:00
nessus
nessus
EulerOS 2.0 SP5 : openssh (EulerOS-SA-2020-1316)
2020-03-23 00:00:00
EulerOS Virtualization 3.0.6.0 : openssh (EulerOS-SA-2020-1719)
2020-07-01 00:00:00
EulerOS Virtualization for ARM 64 3.0.2.0 : openssh (EulerOS-SA-2020-1521)
2020-05-01 00:00:00
debiancve
debiancve
CVE-2018-15919
2018-08-28 08:29:00
cvelist
cvelist
CVE-2018-15919
2018-08-28 08:00:00
cve
cve
CVE-2018-15919
2018-08-28 08:29:00
nvd
nvd
CVE-2018-15919
2018-08-28 08:29:00
prion
prion
Design/Logic Flaw
2018-08-28 08:29:00
attackerkb
attackerkb
CVE-2018-15919
2018-08-28 00:00:00
f5
f5
OpenSSH vulnerability CVE-2018-15919
2018-10-02 02:01:00
suse
suse
Security update for openssh (moderate)
2018-11-17 00:13:43
symantec
symantec
OpenSSH Vulnerabilities Jan-Aug 2018
2018-11-29 08:01:01
avleonov
avleonov