OpenSSH 7.7 - Username Enumeration
The attacker can try to authenticate a user with a malformed packet (for example, a truncated packet), and:
- if the user is invalid (it does not exist), then userauth_pubkey() returns immediately, and the server sends an SSH2_MSG_USERAUTH_FAILURE to the attacker;
- if the user is valid (it exists), then sshpkt_get_u8() fails, and the server calls fatal() and closes its connection to the attacker.
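The ordering problem described above, as a simplified C model next to a hardened ordering that parses the request before checking the user. This is an added example, not OpenSSH source or code from this project. The names user_is_valid, get_u8, the two handler variants and the account "alice" are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model of the flow described above; not OpenSSH source. */
enum outcome { SENT_USERAUTH_FAILURE, CONNECTION_CLOSED, REQUEST_PARSED };
typedef enum outcome (*handler_fn)(const char *, const unsigned char *, size_t);

/* Hypothetical account lookup: "alice" is the only account (constructed). */
static int user_is_valid(const char *user) { return strcmp(user, "alice") == 0; }

/* Stand-in for sshpkt_get_u8(): 0 on success, -1 when the packet is too short. */
static int get_u8(const unsigned char *pkt, size_t len, size_t *off, unsigned char *v)
{
    if (*off >= len)
        return -1;
    *v = pkt[(*off)++];
    return 0;
}

/* Ordering from the description: user check first, parsing second. */
enum outcome userauth_pubkey_vulnerable(const char *user, const unsigned char *pkt, size_t len)
{
    size_t off = 0;
    unsigned char have_sig;
    if (!user_is_valid(user))
        return SENT_USERAUTH_FAILURE;  /* returns before touching the packet */
    if (get_u8(pkt, len, &off, &have_sig) != 0)
        return CONNECTION_CLOSED;      /* models fatal() */
    return REQUEST_PARSED;
}

/* Hardened ordering: parse the whole request before looking at the user. */
enum outcome userauth_pubkey_hardened(const char *user, const unsigned char *pkt, size_t len)
{
    size_t off = 0;
    unsigned char have_sig;
    if (get_u8(pkt, len, &off, &have_sig) != 0)
        return CONNECTION_CLOSED;      /* same result for every user name */
    if (!user_is_valid(user))
        return SENT_USERAUTH_FAILURE;
    return REQUEST_PARSED;
}

/* Returns 1 if a truncated (empty) request gets a different answer for an existing and a missing account. */
int leaks_user_validity(handler_fn h)
{
    static const unsigned char truncated[1] = {0};
    return h("alice", truncated, 0) != h("nobody", truncated, 0);
}
```

With the hardened ordering a truncated request fails the same way for every user name, so the response no longer reveals whether the account exists.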
Usage of the library is very simple, and it can be used in just a few lines:
python <target> --port <port> --userlist <username_file>
- Redhat Enterprise Linux 7
- Redhat Enterprise Linux 6
- Trustix Secure Enterprise Linux 2.0
- Trustix Secure Linux 2.2
- Trustix Secure Linux 2.1
- Trustix Secure Linux 2.0
- Redhat Enterprise Linux 5
- OpenSSH OpenSSH 3.4
- OpenSSH OpenSSH 3.3
- Openwall Openwall GNU/*/Linux (Owl)-current
- OpenSSH OpenSSH 2.9
- FreeBSD FreeBSD 4.6 -RELEASE
- FreeBSD FreeBSD 4.6
- FreeBSD FreeBSD 4.5 -RELEASE
- FreeBSD FreeBSD 4.5
- OpenSSH OpenSSH 2.5.2
- Caldera OpenUnix 8.0
- Caldera UnixWare 7.1.1
- Wirex Immunix OS 6.2
- OpenSSH OpenSSH 2.5.1
- NetBSD NetBSD 1.5.1
- S.u.S.E. Linux Database Server 0
- S.u.S.E. Linux Firewall on CD
- S.u.S.E. SuSE eMail Server III
- SCO Open Server 5.0.6 a
- SCO Open Server 5.0.6
- SCO Open Server 5.0.5
- SCO Open Server 5.0.4
- SCO Open Server 5.0.3
- SCO Open Server 5.0.2
- SCO Open Server 5.0.1
- SCO Open Server 5.0
- SuSE Linux 7.3
- SuSE Linux 7.2
- SuSE Linux 7.1
- SuSE SUSE Linux Enterprise Server 7
- OpenSSH OpenSSH 2.5
- OpenSSH OpenSSH 2.3
- SuSE Linux 7.0 sparc
- SuSE Linux 7.0 ppc
- SuSE Linux 7.0 i386
- SuSE Linux 7.0 alpha
- SuSE Linux 6.4 ppc
- SuSE Linux 6.4 i386
- SuSE Linux 6.4 alpha
- OpenSSH OpenSSH 2.1.1
- SuSE Linux 7.0 sparc
- SuSE Linux 7.0 ppc
- SuSE Linux 7.0 i386
- SuSE Linux 7.0 alpha
- OpenSSH OpenSSH 2.1
- OpenSSH OpenSSH 1.2.3
- Blue Coat Systems Security Gateway OS 2.1.5001 SP1
- OpenSSH OpenSSH 1.2.2
- OpenSSH OpenSSH 7.7
- OpenSSH OpenSSH 7.6
- OpenSSH OpenSSH 7.4
- OpenSSH OpenSSH 7.3
- OpenSSH OpenSSH 7.2
- OpenSSH OpenSSH 7.1
- OpenSSH OpenSSH 7.0
- OpenSSH OpenSSH 6.9
- OpenSSH OpenSSH 6.8
- OpenSSH OpenSSH 6.7
- NetBSD NetBSD 1.5.1
- S.u.S.E. Linux Database Server 0
- S.u.S.E. Linux Firewall on CD
- S.u.S.E. Linux Live-CD for Firewall
- S.u.S.E. SuSE eMail Server III
- SCO Open Server 5.0.6 a
- SCO Open Server 5.0.6
- SCO Open Server 5.0.5
- SCO Open Server 5.0.4
- SCO Open Server 5.0.3
- SCO Open Server 5.0.2
- SCO Open Server 5.0.1
- SCO Open Server 5.0
- SuSE Linux 7.3
- SuSE Linux 7.2
- SuSE Linux 7.1
- SuSE SUSE Linux Enterprise Server 7
- OpenSSH OpenSSH 6.6
- OpenSSH OpenSSH 6.5
- OpenSSH OpenSSH 6.4
- OpenSSH OpenSSH 6.3
- OpenSSH OpenSSH 6.2
- OpenSSH OpenSSH 6.1
- OpenSSH OpenSSH 6.0
- OpenSSH OpenSSH 5.8
- OpenSSH OpenSSH 5.7
- OpenSSH OpenSSH 5.6
- OpenSSH OpenSSH 5.5
- OpenSSH OpenSSH 4.5
- OpenSSH OpenSSH 1.127
- OpenSSH OpenSSH 1.126
- OpenBSD OpenSSH 6.0
- OpenBSD OpenSSH 3.0.2
- OpenBSD OpenSSH 2.5.2
- OpenBSD OpenSSH 2.3.1
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- OpenBSD OpenSSH 2.1
- OpenBSD OpenSSH 1.2.3
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- Debian Linux 2.2
- OpenBSD OpenSSH 1.2
- OpenBSD OpenSSH 6.6
- OpenBSD OpenSSH 6.5
- OpenBSD OpenSSH 6.4
- OpenBSD OpenSSH 5.9
- OpenBSD OpenSSH 5.8
- OpenBSD OpenSSH 5.7
- OpenBSD OpenSSH 5.4
- OpenBSD OpenSSH 5.2
- OpenBSD OpenSSH 5.1
- OpenBSD OpenSSH 4.9
- OpenBSD OpenSSH 4.8
- OpenBSD OpenSSH 4.7
- OpenBSD OpenSSH 4.6
- OpenBSD OpenSSH 4.4
- OpenBSD OpenSSH 4.3
- OpenBSD OpenSSH 4.2
- OpenBSD OpenSSH 4.1
- OpenBSD OpenSSH 4.0