User enumeration in Dropbear 2018.76 and earlier
matt at ucc.asn.au
Thu Aug 23 23:50:29 AWST 2018
On Mon 20/8/2018, at 11:55 pm, Matt Johnston <matt at ucc.asn.au> wrote:
> I can confirm Dropbear has the same problem, probably all versions. I should have a patch in the next couple of days.
> This allows someone to remotely know whether a particular username exists or not on a server. In some circumstances that could be a problem, though by itself it doesn't allow exploitation of a server.
This should be fixed by https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00 , a CVE number is CVE-2018-15599
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dropbear