Remotely observable behaviour in auth-gss2.c in OpenSSH up to and including 7.8 could be used by remote malicious users to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openbsd openssh |
||
netapp data ontap edge - |
||
netapp ontap select deploy - |
||
netapp steelstore - |
||
netapp cloud backup - |
||
netapp cn1610_firmware - |