nuclei-templates/cves/2018/CVE-2018-15473.yaml

id: CVE-2018-15473

info:
  name: OpenSSH Username Enumeration
  author: r3dg33k,daffainfo
  description: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
  severity: low
  tags: network,openssh
  reference: https://nvd.nist.gov/vuln/detail/CVE-2018-15473

network:
  - host:
      - "{{Hostname}}"
      - "{{Hostname}}:22"

    matchers:
      - type: regex
        regex:
          - 'SSH-2.0-OpenSSH_[1-7].*'
Update and rename network/openssh-username-enumeration.yaml to cves/2018/CVE-2018-15473.yaml 2021-08-21 11:55:11 +00:00			`id: CVE-2018-15473`

			`info:`
			`name: OpenSSH Username Enumeration`
			`author: r3dg33k,daffainfo`
			`description: OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.`
			`severity: low`
			`tags: network,openssh`
			`reference: https://nvd.nist.gov/vuln/detail/CVE-2018-15473`

			`network:`
			`- host:`
			`- "{{Hostname}}"`
			`- "{{Hostname}}:22"`

			`matchers:`
			`- type: regex`
			`regex:`
			`- 'SSH-2.0-OpenSSH_[1-7].*'`