CVE-2018-15473

Impact:
Low
Public Date:
2018-08-16
CWE:
CWE-200
Bugzilla:
1619063: CVE-2018-15473 openssh: User enumeration via malformed packets in authentication requests

The MITRE CVE dictionary describes this issue as:

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

Find out more about CVE-2018-15473 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 5.3
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Impact None
Availability Impact None

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 openssh Affected
Red Hat Enterprise Linux 6 openssh Will not fix
Red Hat Enterprise Linux 5 openssh Will not fix

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.