Added version check for OpenSSH user enumeration (CVE-2018-15473). (#83)

2025-06-25 12:04:32 +02:00 · 2020-11-05 20:24:09 -05:00
parent 5c8dc5105b
commit 0d9881966c
10 changed files with 14 additions and 4 deletions
--- a/test/docker/expected_results/openssh_4.0p1_test1.txt
+++ b/test/docker/expected_results/openssh_4.0p1_test1.txt
@ -6,6 +6,7 @@
 [0;32m(gen) compression: enabled (zlib)[0m

 [0;36m# security[0m
+[0;33m(cve) CVE-2018-15473                      -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies[0m
 [0;33m(cve) CVE-2016-3115                       -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
 [0;33m(cve) CVE-2014-1692                       -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
 [0;33m(cve) CVE-2012-0814                       -- (CVSSv2: 3.5) leak data via debug messages[0m