Skip to main content

OpenSSH Username Enumeration Vulnerability

A user enumeration vulnerability in the OpenSSH connectivity tool has been disclosed by a group of security researchers. A remote attacker could exploit this vulnerability to determine valid usernames on a target system.
Threat ID:
CC-2619
Category:
Threat Severity:
Low
Threat Vector:
Published:
20 August 2018 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A user enumeration vulnerability in the OpenSSH connectivity tool has been disclosed by a group of security researchers. A remote attacker could exploit this vulnerability to determine valid usernames on a target system.

Threat details

Remediation steps

Type Step
An update to address this vulnerability has been made available through the OpenBSD Github repository. Users and administrators should apply this update immediately

CVE Vulnerabilities

Status

CVE-2018-15473

Last edited: 17 February 2020 12:51 pm