Gracias BE66 A080 025C FF72 A307 C054 827A E2A3 EC20 8239 nota oficial que aparece en blog [0]
CVE-2018-15473 by MITRE [1] test script [2]: $ id test id: ‘test’: no such user $ python ssh-check-username.py localhost root [+] Valid username $ python ssh-check-username.py localhost test [*] Invalid username after upgrade in debian stable $ python ssh-check-username.py localhost root [+] Valid username $ python ssh-check-username.py localhost test [+] Valid username [0] http://seclists.org/oss-sec/2018/q3/124 [1] http://seclists.org/oss-sec/2018/q3/134 [2] http://seclists.org/oss-sec/2018/q3/125 On Wed, Aug 22, 2018 at 7:05 PM kakak <kak_adel_...@riseup.net> wrote: > > This bug allows a remote attacker to guess the usernames registered on > an OpenSSH server. > > A vulnerability affects all versions of the OpenSSH client released in > the past two decades, ever since the application was released in 1999. > > https://www.bleepingcomputer.com/news/security/vulnerability-affects-all-openssh-versions-released-in-the-past-two-decades/ > > -- > BE66 A080 025C FF72 A307 C054 827A E2A3 EC20 8239 > > Fin de la cita. > _______________________________________________ > HackMeeting mailing list > HackMeeting@listas.sindominio.net > https://listas.sindominio.net/mailman/listinfo/hackmeeting _______________________________________________ HackMeeting mailing list HackMeeting@listas.sindominio.net https://listas.sindominio.net/mailman/listinfo/hackmeeting
