OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| openbsd | openssh | 7.7 | - |
| debian | debian_linux | - | - |
| debian | debian_linux | - |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
28
Affected Products
36
References
openbsd / openssh
| - |
| redhat | enterprise_linux_desktop | - | - |
| redhat | enterprise_linux_desktop | - | - |
| redhat | enterprise_linux_server | - | - |
| redhat | enterprise_linux_server | - | - |
| redhat | enterprise_linux_workstation | - | - |
| redhat | enterprise_linux_workstation | - | - |
| canonical | ubuntu_linux | - | - |
| canonical | ubuntu_linux | - | - |
| canonical | ubuntu_linux | - | - |
| netapp | cn1610_firmware | - | - |
| netapp | aff_baseboard_management_controller | - | - |
| netapp | cloud_backup | - | - |
| netapp | data_ontap_edge | - | - |
| netapp | fas_baseboard_management_controller | - | - |
| netapp | oncommand_unified_manager | 9.4 | - |
| netapp | ontap_select_deploy | - | - |
| netapp | service_processor | - | - |
| netapp | steelstore_cloud_integrated_storage | - | - |
| netapp | virtual_storage_console | 7.2 | - |
| netapp | clustered_data_ontap | - | - |
| netapp | data_ontap | - | - |
| netapp | vasa_provider | 7.2 | - |
| netapp | storage_replication_adapter | 7.2 | - |
| oracle | sun_zfs_storage_appliance_kit | - | - |
| siemens | scalance_x204rna_firmware | 3.2.7 | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability
Impact