OpenSSH auth-gss2.c Information Disclosure Vulnerability

August 29, 2018 2:14 am

A vulnerability in OpenSSH could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.

The vulnerability exists in the auth-gss2.c source code file of the affected software and is due to insufficient validation of an authentication request packet when the Guide Star Server II (GSS2) component is used on an affected system. An attacker could exploit this vulnerability by sending an authentication request packet to the targeted system. A successful exploit could allow the attacker to access sensitive information, such as valid usernames.

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

The OpenBSD Project has not confirmed the vulnerability, and software updates are not available.

Security Impact Rating: Medium

CVE: CVE-2018-15919

