CVE-2018-15473 openssh: User enumeration via malformed packets in authentication requests - Connect IT Community | Kaseya
<main> <article class="userContent">
<h3 data-id="cve-id"><strong>CVE ID</strong></h3>
<p>CVE-2018-15473</p>
<h3 data-id="description"><strong>DESCRIPTION</strong></h3>
<p>A user enumeration vulnerability was found in OpenSSH through version 7.7. The vulnerability occurs because bailout for an invalid authenticating user is not delayed until after the packet containing the request has been fully parsed. The highest threat from this vulnerability is to data confidentiality.</p>
<h3 data-id="resolution"><strong>RESOLUTION</strong></h3>
<ul><li>CentOS6 Unitrends appliances (physical and/or virtual): fixed in Unitrends software release-10.3.8-4. Please upgrade to the latest release.</li>
<li>CentOS7 Unitrends appliances (physical and/or virtual) do not have a fix for this CVE as of the current release (10.4.3).</li>
</ul>
<h3 data-id="link-to-advisories"><strong>LINK TO ADVISORIES</strong></h3>
<ul><li><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Faccess.redhat.com%2Fsecurity%2Fcve%2Fcve-2018-15473">https://access.redhat.com/security/cve/cve-2018-15473</a></li></ul>
</article> </main>
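<p>The ordering problem named in the description, modelled in C as an added example (not OpenSSH source and not part of the original advisory). The toy packet format, the account list and every function name are assumptions made for illustration; the model shows why a bailout that happens before parsing lets a malformed request produce a different outcome for existing and non-existing accounts, and why parsing first removes that difference.</p>

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Outcomes a remote client can tell apart. */
enum outcome { AUTH_FAILURE, DISCONNECT_PARSE_ERROR, AUTH_CONTINUE };

/* Constructed account list standing in for the system user database. */
static int user_is_valid(const char *user) {
    return strcmp(user, "alice") == 0;
}

/* Toy wire format (assumption): one length byte, then that many bytes. */
static int parse_request(const unsigned char *pkt, size_t len) {
    return len >= 1 && (size_t)pkt[0] == len - 1;
}

/* Flawed order: bail out for unknown users before touching the packet. */
enum outcome handle_auth_early_bailout(const char *user, const unsigned char *pkt, size_t len) {
    if (!user_is_valid(user))
        return AUTH_FAILURE;            /* packet is never parsed */
    if (!parse_request(pkt, len))
        return DISCONNECT_PARSE_ERROR;  /* reachable only for valid users */
    return AUTH_CONTINUE;
}

/* Corrected order: parse fully first, then apply the validity check. */
enum outcome handle_auth_delayed_bailout(const char *user, const unsigned char *pkt, size_t len) {
    if (!parse_request(pkt, len))
        return DISCONNECT_PARSE_ERROR;  /* identical for every user name */
    if (!user_is_valid(user))
        return AUTH_FAILURE;
    return AUTH_CONTINUE;
}

/* Returns 1 when a handler answers the same malformed request differently
   depending on whether the account exists, i.e. it leaks account validity. */
int leaks_account_validity(enum outcome (*handler)(const char *, const unsigned char *, size_t)) {
    static const unsigned char malformed[] = { 9, 'x' }; /* length byte lies */
    return handler("alice", malformed, sizeof malformed)
        != handler("nobody", malformed, sizeof malformed);
}

int main(void) {
    printf("early bailout leaks:   %d\n", leaks_account_validity(handle_auth_early_bailout));
    printf("delayed bailout leaks: %d\n", leaks_account_validity(handle_auth_delayed_bailout));
    return 0;
}
```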