### [CVE-2018-15919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15919)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'

### POC

#### Reference
- http://seclists.org/oss-sec/2018/q3/180
- http://seclists.org/oss-sec/2018/q3/180

#### Github
- https://github.com/1stPeak/CVE-2018-15473
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Milkad0/DC-4_VulnHub
- https://github.com/ProTechEx/asn
- https://github.com/averna-syd/Shodan
- https://github.com/bioly230/THM_Skynet
- https://github.com/firatesatoglu/iot-searchengine
- https://github.com/firatesatoglu/shodanSearch
- https://github.com/lacysw/RandScan
- https://github.com/nitefood/asn
- https://github.com/project7io/nmap
- https://github.com/rahadhasan666/ASN_IP_LOOKUP
- https://github.com/scottyscripts/protect_ya_neck_api
- https://github.com/swlacy/RandScan
- https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-4-Vulnhub-Walkthrough
- https://github.com/vshaliii/Funbox2-rookie