Username enumeration via Openssh 7.6
Medium
Vulnerability Details
Username enumeration
I have found a vulnerability in your site that allows me to verify if an user exits in the ssh due to the use of OpenSSH 7.6p1.
PoC
1 Download and compile the given exploit file
2 open a terminal and run the exploit
I have attached a Screenshot if detailed PoC is needed please inform me.
## Impact
The attacker can get a list of users available in the ssh.
Actions
View on HackerOneReport Stats
- Report ID: 776461
- State: Closed
- Substate: informative
- Upvotes: 12