OpenSSH User Enumeration Vulnerability: a Close Look

Intro An OpenSSH user enumeration vulnerability (CVE-2018-15473) became public via a GitHub commit. This vulnerability does not produce a list of valid usernames, but it does allow guessing of usernames. In this blog post, we take a closer look at this vulnerability and propose mitigation and monitoring actions. Technical details This vulnerability manifests itself in […]