OpenSSH Username Enumeration Vulnerability CVE-2018-15473

Support for security such as Firewalls and securing linux
Post Reply
kunalsakpal
Posts: 1
Joined: 2018/10/24 08:32:32

OpenSSH Username Enumeration Vulnerability CVE-2018-15473

Post by kunalsakpal » 2018/10/24 11:38:33

THREAT:
OpenSSH (OpenBSD Secure Shell) is a set of computer programs providing encrypted communication sessions over a computer network using the
SSH protocol.
A username enumeration vulnerability exists in OpenSSH, that a remote attacker could leverage to enumerate valid users on a targeted system. The
attacker could try to enumerate users by transmitting malicious packets. Due to the vulnerability, if a username does not exist, then the server sends
a SSH2_MSG_USERAUTH_FAILURE message to the attacker. If the username exists, then the server sends a SSH2_MSG_SERVICE_ACCEPT
before calling fatal() and closes the connection.
Affected Versions:
All current OpenSSH installations are affected by this vulnerability.
QID Detection Logic:
Authenticated: Vulnerable OpenSSH versions are detected by running ssh -V command.
Unauthenticated: Vulnerable OpenSSH versions are detected from the banner exposed.

IMPACT:
Successful exploitation allows an attacker to enumerate usernames on a targeted system.

as we are using up to date Centos 7 version and having an OpenSSH_7.4p1 version installed on it as per the Centos Repository.
please suggest the solution for the above threat.

User avatar
TrevorH
Forum Moderator
Posts: 24052
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: OpenSSH Username Enumeration Vulnerability CVE-2018-15473

Post by TrevorH » 2018/10/24 11:53:36

CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

aleangelico
Posts: 4
Joined: 2016/08/18 20:43:26

Re: OpenSSH Username Enumeration Vulnerability CVE-2018-15473

Post by aleangelico » 2018/12/05 16:11:11

Hi,

Anyone knows if there is a workaround or fix? the link to RedHat shows a workaround but you need a RedHat paid account to read it completely.

I understand this exploit is not a big deal, but I have 2 sites failing the PCI audit because of this exploit.

User avatar
TrevorH
Forum Moderator
Posts: 24052
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: OpenSSH Username Enumeration Vulnerability CVE-2018-15473

Post by TrevorH » 2018/12/05 16:19:36

I don't need an account to read https://access.redhat.com/security/cve/cve-2018-15473 and for the link from there to the KB article, that can be read with the free developer RHEL subscription.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

aleangelico
Posts: 4
Joined: 2016/08/18 20:43:26

Re: OpenSSH Username Enumeration Vulnerability CVE-2018-15473

Post by aleangelico » 2018/12/05 16:28:10

TrevorH wrote:
2018/12/05 16:19:36
I don't need an account to read https://access.redhat.com/security/cve/cve-2018-15473 and for the link from there to the KB article, that can be read with the free developer RHEL subscription.
I din't know about the developer subscription, I'll try it.
Yes, the first article is available, but there is a link for "limiting access to SSHD" where you need a valid subscription.

Thanks @TrevorH!

Post Reply