Dropbear recv_msg_userauth_request Function User Enumeration Vulnerability

August 23, 2018 1:45 am

A vulnerability in the recv_msg_userauth_request function of Dropbear could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.

The vulnerability exists in the recv_msg_userauth_request function, as defined in the svr-auth.c source code file of the affected software, and is due to the way fields in SSH_MSG_USERAUTH messages are handled based on username validity. An attacker could exploit this vulnerability by sending an authentication request packet to the targeted system. A successful exploit could allow the attacker to access sensitive information, such as valid usernames.

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

The vendor confirmed the vulnerability; however, software updates are not available.
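With no fixed release to install, one practical check is to watch the server's own log for bursts of unknown-username attempts from a single source. The following is an added example, not part of the original advisory or of Dropbear's code; it assumes classic syslog lines and the message text `Login attempt for nonexistent user from <addr>:<port>`, and the host name, addresses, threshold, window and year are constructed values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed syslog layout and Dropbear message text; adjust to your build.
PATTERN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dropbear\[\d+\]: "
    r"Login attempt for nonexistent user from (?P<src>\S+):\d+\s*$"
)

def enumeration_suspects(lines, threshold=5, window=timedelta(seconds=60), year=2018):
    """Return {source: peak count} for sources that reach `threshold`
    nonexistent-user attempts inside any sliding `window`."""
    seen = defaultdict(list)
    for line in lines:
        m = PATTERN.match(line)
        if m:
            # Classic syslog timestamps carry no year, so one is supplied.
            ts = " ".join(m["ts"].split())  # normalise "Aug  3" padding
            seen[m["src"]].append(
                datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"))
    suspects = {}
    for src, times in seen.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            # Shrink the window until its oldest event is within `window` of t.
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            suspects[src] = peak
    return suspects

# Constructed sample log: documentation addresses, hypothetical host "gw".
SAMPLE_LOG = [
    f"Aug 23 01:45:{s:02d} gw dropbear[{2100 + s}]: "
    f"Login attempt for nonexistent user from 198.51.100.7:{40000 + s}"
    for s in range(0, 12, 2)  # six attempts in ten seconds
] + [
    "Aug 23 01:10:00 gw dropbear[1990]: Login attempt for nonexistent user from 203.0.113.9:51000",
    "Aug 23 01:50:00 gw dropbear[2200]: Login attempt for nonexistent user from 203.0.113.9:51044",
    "Aug 23 01:50:05 gw dropbear[2201]: Bad password attempt for 'admin' from 203.0.113.9:51050",
]

if __name__ == "__main__":
    for src, count in enumeration_suspects(SAMPLE_LOG).items():
        print(f"possible username enumeration from {src}: {count} attempts in window")
```

Tune the threshold and window to the host's normal login noise before alerting on the result.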

Security Impact Rating: Medium

CVE: CVE-2018-15599

