User enumeration in Dropbear 2018.76 and earlier

Matt Johnston matt at
Mon Aug 20 23:55:03 AWST 2018

On Mon 20/8/2018, at 5:50 pm, Matthijs R. Koot <koot at> wrote:
> The user enumeration issue in OpenSSH [0] also exists in Dropbear 2018.76
> and earlier; at least going back to w/v2013.58 (didn't test with earlier
> versions yet). It is specifically related to this code in svr-auth.c [1]:
> [0]
> [1]

Hi Matthijs,

I can confirm Dropbear has the same problem, probably all versions. I should have a patch in the next couple of days.

This allows someone to remotely know whether a particular username exists or not on a server. In some circumstances that could be a problem, though by itself it doesn't allow exploitation of a server.

Some background, OpenSSH and Dropbear don't share authentication code but they both took a similar approach to handling authentication request packets. The SSH_MSG_USERAUTH message structure varies depending on the "method" field [ZZ], so the subsequent fields only get read after the username has been handled - that needs to be handled carefully. I might have looked at the OpenSSH auth code when first implementing Dropbear's, though it doesn't really look familar now.


      string    user name
      string    service name
      string    method name  ("publickey", "password" etc)
      .... method specific fields

More information about the Dropbear mailing list