OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).
+----------------+ | massh-enum 1.0 | +----------------+
OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473)
This script contains Matthew Daley Python script <https://bugfuzz.com/stuff/ssh-check-username.py>
License: GPLv3, <http://www.gnu.org/licenses/>
Description
OpenSSH versions 2.3 up to 7.4 suffer from a username enumeration vulnerability.
The attacker can try to authenticate a user with a malformed packet (for example, a truncated packet), and:
if the user is invalid (it does not exist), then userauth_pubkey() returns immediately, and the server sends an SSH2_MSG_USERAUTH_FAILURE to the attacker;
if the user is valid (it exists), then sshpkt_get_u8() fails, and the server calls fatal() and closes its connection to the attacker.
More information about this vulnerability:
How it works?
› Generating a list of hosts › Username Enumeration host: 10.240.20.1 (p:22), found user: root host: 10.240.20.1 (p:22), found user: supervisor host: 10.240.20.2 (p:22), found user: root
Requirements