Описание
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'
A vulnerability was found in OpenSSH Server, where failed GSSAPI authentication attempts elicit different responses depending on whether the target username exists, a remote attacker could exploit this behavior to enumerate valid usernames on a system, potentially aiding in further attacks. This issue could be leveraged in reconnaissance efforts to identify existing user accounts.
Отчет
This vulnerability is rated as moderate because OpenSSH Server responds differently to failed GSSAPI authentication attempts based on whether a target username exists, while this does not directly compromise system integrity, it could facilitate further attacks such as brute-force or credential-stuffing attempts.
Меры по смягчению последствий
If GSSAPI Authentication is not required, this flaw can be mitigated by changing the global configuration in /etc/ssh/sshd_config from GSSAPIAuthentication yes to GSSAPIAuthentication no.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openssh | Not affected | ||
| Red Hat Enterprise Linux 6 | openssh | Not affected | ||
| Red Hat Enterprise Linux 7 | openssh | Will not fix | ||
| Red Hat Enterprise Linux 8 | openssh | Will not fix | ||
| Red Hat Virtualization 4 | openssh | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 co ...
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'
Уязвимость средства криптографической защиты OpenSSH, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
5.3 Medium
CVSS3