cve/2018/CVE-2018-15919.md

### [CVE-2018-15919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15919)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

### POC

#### Reference
- http://seclists.org/oss-sec/2018/q3/180

#### Github
- https://github.com/1stPeak/CVE-2018-15473
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Milkad0/DC-4_VulnHub
- https://github.com/ProTechEx/asn
- https://github.com/averna-syd/Shodan
- https://github.com/bioly230/THM_Skynet
- https://github.com/firatesatoglu/iot-searchengine
- https://github.com/firatesatoglu/shodanSearch
- https://github.com/lacysw/RandScan
- https://github.com/nitefood/asn
- https://github.com/project7io/nmap
- https://github.com/rahadhasan666/ASN_IP_LOOKUP
- https://github.com/scottyscripts/protect_ya_neck_api
- https://github.com/swlacy/RandScan
- https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-4-Vulnhub-Walkthrough
- https://github.com/vshaliii/Funbox2-rookie
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-15919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15919)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'`

			`### POC`

			`#### Reference`
			`- http://seclists.org/oss-sec/2018/q3/180`

			`#### Github`
			`- https://github.com/1stPeak/CVE-2018-15473`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/Milkad0/DC-4_VulnHub`
			`- https://github.com/ProTechEx/asn`
			`- https://github.com/averna-syd/Shodan`
			`- https://github.com/bioly230/THM_Skynet`
			`- https://github.com/firatesatoglu/iot-searchengine`
			`- https://github.com/firatesatoglu/shodanSearch`
			`- https://github.com/lacysw/RandScan`
			`- https://github.com/nitefood/asn`
			`- https://github.com/project7io/nmap`
			`- https://github.com/rahadhasan666/ASN_IP_LOOKUP`
			`- https://github.com/scottyscripts/protect_ya_neck_api`
			`- https://github.com/swlacy/RandScan`
			`- https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough`
			`- https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough`
			`- https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough`
			`- https://github.com/vshaliii/DC-4-Vulnhub-Walkthrough`
			`- https://github.com/vshaliii/Funbox2-rookie`