Added version check for OpenSSH user enumeration (CVE-2018-15473). (#83)

2025-06-25 03:54:31 +02:00 · 2020-11-05 20:24:09 -05:00
parent 5c8dc5105b
commit 0d9881966c
10 changed files with 14 additions and 4 deletions
--- a/test/docker/expected_results/openssh_5.6p1_test4.txt
+++ b/test/docker/expected_results/openssh_5.6p1_test4.txt
@ -5,6 +5,7 @@
 [0;32m(gen) compression: enabled (zlib@openssh.com)[0m

 [0;36m# security[0m
+[0;33m(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies[0m
 [0;33m(cve) CVE-2016-3115                         -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
 [0;33m(cve) CVE-2016-1907                         -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
 [0;33m(cve) CVE-2015-6564                         -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m