Date: 7 months ago   Category: Hi-Tech

One more vulnerability in OpenSSH allowing to define presence of users


Less than a week later from the moment of detection of last problem in OpenSSH allowing to define whether there is a user with this name in system, one more similar vulnerability (CVE-2018-15919) is revealed. The problem is present since 2011 and is shown including in a few days ago the published release of OpenSSH 7.8.

the Offered method is based on various behavior of a code of authentication on the basis of API GSS2 for the existing and not existing users. In particular, if the user doesn't exist, then the repeating attempts of authentication lead to break of connection with return of an error of "Too many authentication failures". For the existing users the similar mistake isn't removed.

can In addition note identification of a possibility of definition of existence of the user in the Dropbear SSH server which is often used on the built-in devices and home routers. The vulnerability (CVE-2018-15599) revealed in Dropbear repeats last problem in OpenSSH (the exploit for OpenSSH works for Dropbear). On materials: www.opennet.ru

URL:




Today

just now

Yanukovych's apartment on Obolonskaya Embankment in Kiev was leased. The price of rent of the apartment and also who rents it, is not reported. reported about it the director of the National agency...

just now

Researchers identified the true personality of Jack the Ripper of the English detective together with scientists could identify the personality of the legendary murderer - Jack the Ripper. the amate...

just now

Turkey and Iran on Monday, March 18, for the first time performed joint anti-terrorist operation against members of Kurdistan Workers' Party. the operation of Ankara and Tehran Directed against RPK...

just now

On December 22, 2016 Privatbank finally passed into state ownership, now 100% of its stocks belong to the Ministry of Finance. on December 23 the former head of the Ministry of Finance Alexander Danil...

just now

Day of the presentation of new Redmi-devices the Xiaomi company will be the announcement fully completed of wireless Xiaomi Redmi AirDots earphones. It is the budgetary attempt of the company to join...

just now

The president of Ukraine Petro Poroshenko intends to develop the latest rocket technologies in Ukraine fully to protect the country from aggression. the head of state declared it on air of the Freed...

just now

The The Supreme Council of Justice (SCJ) made the decision to bring representation to the president of Ukraine Petro Poroshenko about appointment to positions of 25 judges to positions of judges of th...

just now

10.5-inch iPad Air the Apple company calls the new tablet the hi-tech, powerful and functional device with very attractive cost. In comparison with "ordinary" iPad the screen is 20% more now. Resolu...