Back to KEVs

CVE-2018-15473

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the...

Basic Information

CVE State: PUBLISHED
Reserved Date: August 17, 2018
Published Date: August 17, 2018
Last Updated: December 17, 2025
Vendor: n/a
Product: n/a
Description: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

CVSS Scores

CVSS v3.1

5.3 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

SSVC Information

Exploitation: poc
Technical Impact: partial

Exploit Status

Proof of Concept Available: Yes (added 2018-08-21 00:09:56 UTC) Source

References

https://security.gentoo.org/glsa/201810-03 http://www.securitytracker.com/id/1041487 https://www.exploit-db.com/exploits/45233/ https://bugs.debian.org/906236 https://www.exploit-db.com/exploits/45210/ https://security.netapp.com/advisory/ntap-20181101-0001/ https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0 https://usn.ubuntu.com/3809-1/ https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html http://www.securityfocus.com/bid/105140 https://www.debian.org/security/2018/dsa-4280 https://www.exploit-db.com/exploits/45939/ https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011 http://www.openwall.com/lists/oss-security/2018/08/15/5 https://access.redhat.com/errata/RHSA-2019:0711 https://access.redhat.com/errata/RHSA-2019:2143 https://www.oracle.com/security-alerts/cpujan2020.html https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2026-04-15 14:28:36 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

SUDORM0X/PoC-CVE-2018-15473

Type: github • Created: 2024-11-20 13:40:14 UTC • Stars: 0

FAFAF

MahdiOsman/CVE-2018-15473-SNMPv1-2-Community-String-Vulnerability-Testing

Type: github • Created: 2024-08-15 11:37:09 UTC • Stars: 0

yZeetje/CVE-2018-15473

Type: github • Created: 2024-06-13 09:55:01 UTC • Stars: 0

Fix for CVE-2018-15473

NestyF/SSH_Enum_CVE-2018-15473

Type: github • Created: 2023-11-02 16:30:52 UTC • Stars: 0

4xolotl/CVE-2018-15473

Type: github • Created: 2023-10-31 11:23:34 UTC • Stars: 0

GaboLC98/userenum-CVE-2018-15473

Type: github • Created: 2023-05-05 21:23:29 UTC • Stars: 0

User enumeration for CVE-2018-15473

Anonimo501/ssh_enum_users_CVE-2018-15473

Type: github • Created: 2023-04-21 13:16:29 UTC • Stars: 0

sergiovks/SSH-User-Enum-Python3-CVE-2018-15473

Type: github • Created: 2023-03-09 15:23:53 UTC • Stars: 4

SSH User Enumerator in Python3, CVE-2018-15473, I updated the code of this exploit (https://www.exploit-db.com/exploits/45939) to work with python3 instead of python2.