145 lines
4.8 KiB
YAML
145 lines
4.8 KiB
YAML
|
id: openssh-username-enumeration
|
||
|
|
||
|
info:
|
||
|
name: OpenSSH 2.3 < 7.7 Detection
|
||
|
author: r3dg33k
|
||
|
severity: medium
|
||
|
tags: network,openssh
|
||
|
description: OpenSSH 2.3 < 7.7 is vulnerable to username enumeration
|
||
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2018-15473
|
||
|
|
||
|
network:
|
||
|
- host:
|
||
|
- "{{Hostname}}"
|
||
|
- "{{Hostname}}:22"
|
||
|
|
||
|
matchers:
|
||
|
- type: word
|
||
|
words:
|
||
|
- "SSH-2.0-OpenSSH_7.6"
|
||
|
- "SSH-2.0-OpenSSH_7.6p1"
|
||
|
- "SSH-2.0-OpenSSH_7.5"
|
||
|
- "SSH-2.0-OpenSSH_7.5p1"
|
||
|
- "SSH-2.0-OpenSSH_7.4"
|
||
|
- "SSH-2.0-OpenSSH_7.4p1"
|
||
|
- "SSH-2.0-OpenSSH_7.3"
|
||
|
- "SSH-2.0-OpenSSH_7.3p1"
|
||
|
- "SSH-2.0-OpenSSH_7.2p2"
|
||
|
- "SSH-2.0-OpenSSH_7.2"
|
||
|
- "SSH-2.0-OpenSSH_7.2p1"
|
||
|
- "SSH-2.0-OpenSSH_7.1p2"
|
||
|
- "SSH-2.0-OpenSSH_7.1"
|
||
|
- "SSH-2.0-OpenSSH_7.1p1"
|
||
|
- "SSH-2.0-OpenSSH_7.0"
|
||
|
- "SSH-2.0-OpenSSH_7.0p1"
|
||
|
- "SSH-2.0-OpenSSH_6.9"
|
||
|
- "SSH-2.0-OpenSSH_6.9p1"
|
||
|
- "SSH-2.0-OpenSSH_6.8"
|
||
|
- "SSH-2.0-OpenSSH_6.8p1"
|
||
|
- "SSH-2.0-OpenSSH_6.7"
|
||
|
- "SSH-2.0-OpenSSH_6.7p1"
|
||
|
- "SSH-2.0-OpenSSH_6.6"
|
||
|
- "SSH-2.0-OpenSSH_6.6p1"
|
||
|
- "SSH-2.0-OpenSSH_6.5"
|
||
|
- "SSH-2.0-OpenSSH_6.5p1"
|
||
|
- "SSH-2.0-OpenSSH_6.4"
|
||
|
- "SSH-2.0-OpenSSH_6.4p1"
|
||
|
- "SSH-2.0-OpenSSH_6.3"
|
||
|
- "SSH-2.0-OpenSSH_6.3p1"
|
||
|
- "SSH-2.0-OpenSSH_6.2p2"
|
||
|
- "SSH-2.0-OpenSSH_6.2"
|
||
|
- "SSH-2.0-OpenSSH_6.2p1"
|
||
|
- "SSH-2.0-OpenSSH_6.1"
|
||
|
- "SSH-2.0-OpenSSH_6.1p1"
|
||
|
- "SSH-2.0-OpenSSH_6.0"
|
||
|
- "SSH-2.0-OpenSSH_6.0p1"
|
||
|
- "SSH-2.0-OpenSSH_5.9"
|
||
|
- "SSH-2.0-OpenSSH_5.9p1"
|
||
|
- "SSH-2.0-OpenSSH_5.8p2"
|
||
|
- "SSH-2.0-OpenSSH_5.8"
|
||
|
- "SSH-2.0-OpenSSH_5.8p1"
|
||
|
- "SSH-2.0-OpenSSH_5.7"
|
||
|
- "SSH-2.0-OpenSSH_5.7p1"
|
||
|
- "SSH-2.0-OpenSSH_5.6"
|
||
|
- "SSH-2.0-OpenSSH_5.6p1"
|
||
|
- "SSH-2.0-OpenSSH_5.5"
|
||
|
- "SSH-2.0-OpenSSH_5.5p1"
|
||
|
- "SSH-2.0-OpenSSH_5.4"
|
||
|
- "SSH-2.0-OpenSSH_5.4p1"
|
||
|
- "SSH-2.0-OpenSSH_5.3"
|
||
|
- "SSH-2.0-OpenSSH_5.3p1"
|
||
|
- "SSH-2.0-OpenSSH_5.2"
|
||
|
- "SSH-2.0-OpenSSH_5.2p1"
|
||
|
- "SSH-2.0-OpenSSH_5.1"
|
||
|
- "SSH-2.0-OpenSSH_5.1p1"
|
||
|
- "SSH-2.0-OpenSSH_5.0"
|
||
|
- "SSH-2.0-OpenSSH_5.0p1"
|
||
|
- "SSH-2.0-OpenSSH_4.9"
|
||
|
- "SSH-2.0-OpenSSH_4.9p1"
|
||
|
- "SSH-2.0-OpenSSH_4.8"
|
||
|
- "SSH-2.0-OpenSSH_4.8p1"
|
||
|
- "SSH-2.0-OpenSSH_4.6"
|
||
|
- "SSH-2.0-OpenSSH_4.6p1"
|
||
|
- "SSH-2.0-OpenSSH_4.7"
|
||
|
- "SSH-2.0-OpenSSH_4.7p1"
|
||
|
- "SSH-2.0-OpenSSH_4.5"
|
||
|
- "SSH-2.0-OpenSSH_4.5p1"
|
||
|
- "SSH-2.0-OpenSSH_4.4"
|
||
|
- "SSH-2.0-OpenSSH_4.4p1"
|
||
|
- "SSH-2.0-OpenSSH_4.3p2"
|
||
|
- "SSH-2.0-OpenSSH_4.3"
|
||
|
- "SSH-2.0-OpenSSH_4.3p1"
|
||
|
- "SSH-2.0-OpenSSH_4.2"
|
||
|
- "SSH-2.0-OpenSSH_4.2p1"
|
||
|
- "SSH-2.0-OpenSSH_4.1"
|
||
|
- "SSH-2.0-OpenSSH_4.1p1"
|
||
|
- "SSH-2.0-OpenSSH_4.0"
|
||
|
- "SSH-2.0-OpenSSH_4.0p1"
|
||
|
- "SSH-2.0-OpenSSH_3.9"
|
||
|
- "SSH-2.0-OpenSSH_3.9p1"
|
||
|
- "SSH-2.0-OpenSSH_3.8.1p1"
|
||
|
- "SSH-2.0-OpenSSH_3.8"
|
||
|
- "SSH-2.0-OpenSSH_3.8p1"
|
||
|
- "SSH-2.0-OpenSSH_3.7.1p2"
|
||
|
- "SSH-2.0-OpenSSH_3.7.1"
|
||
|
- "SSH-2.0-OpenSSH_3.7.1p1"
|
||
|
- "SSH-2.0-OpenSSH_3.7"
|
||
|
- "SSH-2.0-OpenSSH_3.7p1"
|
||
|
- "SSH-2.0-OpenSSH_3.6.1p2"
|
||
|
- "SSH-2.0-OpenSSH_3.6.1"
|
||
|
- "SSH-2.0-OpenSSH_3.6.1p1"
|
||
|
- "SSH-2.0-OpenSSH_3.6"
|
||
|
- "SSH-2.0-OpenSSH_3.6p1"
|
||
|
- "SSH-2.0-OpenSSH_3.5"
|
||
|
- "SSH-2.0-OpenSSH_3.5p1"
|
||
|
- "SSH-2.0-OpenSSH_3.4"
|
||
|
- "SSH-2.0-OpenSSH_3.4p1"
|
||
|
- "SSH-2.0-OpenSSH_3.3"
|
||
|
- "SSH-2.0-OpenSSH_3.3p1"
|
||
|
- "SSH-2.0-OpenSSH_3.2.3"
|
||
|
- "SSH-2.0-OpenSSH_3.2.3p1"
|
||
|
- "SSH-2.0-OpenSSH_3.2.2"
|
||
|
- "SSH-2.0-OpenSSH_3.2.2p1"
|
||
|
- "SSH-2.0-OpenSSH_3.1"
|
||
|
- "SSH-2.0-OpenSSH_3.1p1"
|
||
|
- "SSH-2.0-OpenSSH_3.0.2"
|
||
|
- "SSH-2.0-OpenSSH_3.0.2p1"
|
||
|
- "SSH-2.0-OpenSSH_3.0p1"
|
||
|
- "SSH-2.0-OpenSSH_3.0.1"
|
||
|
- "SSH-2.0-OpenSSH_3.0.1p1"
|
||
|
- "SSH-2.0-OpenSSH_3.0"
|
||
|
- "SSH-2.0-OpenSSH_3.0p1"
|
||
|
- "SSH-2.0-OpenSSH_2.9p2"
|
||
|
- "SSH-2.0-OpenSSH_2.9.9"
|
||
|
- "SSH-2.0-OpenSSH_2.9.9p1"
|
||
|
- "SSH-2.0-OpenSSH_2.9"
|
||
|
- "SSH-2.0-OpenSSH_2.9p1"
|
||
|
- "SSH-2.0-OpenSSH_2.5.2p2"
|
||
|
- "SSH-2.0-OpenSSH_2.5.1p2"
|
||
|
- "SSH-2.0-OpenSSH_2.5.1p1"
|
||
|
- "SSH-2.0-OpenSSH_2.3.0p1"
|
||
|
- "SSH-2.0-OpenSSH_2.5.2p2"
|
||
|
- "SSH-2.0-OpenSSH_2.5.1p2"
|
||
|
- "SSH-2.0-OpenSSH_2.5.1p1"
|
||
|
- "SSH-2.0-OpenSSH_2.3.0p1"
|
||
|
- "SSH-2.0-OpenSSH_2.3"
|