Openssh use enumeration
coredump at autistici.org
Tue Jul 19 23:10:48 AEST 2016
Hi, sorry I don't know if I send this to the correct channel.
I have notice that OpenSSH has recognized the presence of the user
enumeration as a vulnerability,
I want to make an appreciation, this is a old vulnerability
already announced three years ago.
I would like to point out that there is another vulnerability present in
the bug, it's possible in certain circumstances to provoke a DOS
condition in the access to the ssh server, I made a brief study of this
and included this attack in my tool that exploit this vulnerability:
It's necessary to request another CVE-ID for the DOS attack?
At least, I think it should be clarified in the announce of the
More information about the openssh-unix-dev