Date: 5 months ago   Category: Hi-Tech

One more vulnerability in OpenSSH allowing to define presence of users


Less than a week later from the moment of detection of last problem in OpenSSH allowing to define whether there is a user with this name in system, one more similar vulnerability (CVE-2018-15919) is revealed. The problem is present since 2011 and is shown including in a few days ago the published release of OpenSSH 7.8.

the Offered method is based on various behavior of a code of authentication on the basis of API GSS2 for the existing and not existing users. In particular, if the user doesn't exist, then the repeating attempts of authentication lead to break of connection with return of an error of "Too many authentication failures". For the existing users the similar mistake isn't removed.

can In addition note identification of a possibility of definition of existence of the user in the Dropbear SSH server which is often used on the built-in devices and home routers. The vulnerability (CVE-2018-15599) revealed in Dropbear repeats last problem in OpenSSH (the exploit for OpenSSH works for Dropbear). On materials: www.opennet.ru

URL:




Today

just now

The Kiev authorities continue to clean the capital from the advertizing structures. This time the turn reached the intersection of streets of Chernovol and Sechevy Sagittariuses where removed nearly 3...

just now

Parents of the diseased purposefully refused vaccination of children. In Enerhodar recorded infection of children with measles. Victims - 6 kids from families of Baptists. It is known that parents for religious reasons did not impart children. of 4 diseased took away in hospital where they undergo treatment now. Parents of two more which also c...

just now

Owing to heavy and long snowfall on roads of Kiev region traffic standstill was formed, the patrol force of area on the page on Facebook reports. In this regard crews of patrol force of area help th...

just now

In Great Britain scientists of the Oxford and Edinburgh universities tried to recreate in vitro so-called "wave murderer". During the experiment they wanted to show how similar waves appear. Writes Ps...

just now

The Chinese auto giant Geely, certainly, is able to afford experiments - what is only costed by purchase of the Swedish company Volvo in 2010. Development of the niche of coupe-like SUV gaining steam...

just now

Means against high arterial blood pressure is recognized as dangerous because of existence of N-nitrozodietilamina (NDEA) in it in the quantities which are repeatedly exceeding norm, "the Southern Federalny" with reference to the American experts tells. In this regard now in the USA respond from sales to Irbesartana party. It is reported that the...

just now

All noticed that the presentation of the factory Honda MotoGP Repsol team was late for half an hour and began not at 12:30 as it was planned, and at 13:05. Jorge Lorenzo's trauma was reflected in it a...

just now

Ukrpochta and "New mail" warned Ukrainians about possible delays with delivery of mail because of bad weather conditions. Reported about it in the press services of the companies. So, in Ukrpochta r...