Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value


Disclosure Date: December 30, 2020 (last updated January 05, 2021)
Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599.
Attacker Value


Disclosure Date: August 21, 2018 (last updated June 05, 2020)
The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.