CVEs-PoC/2018/CVE-2018-15473.md

### [CVE-2018-15473](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15473)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

### POC

#### Reference
- https://www.exploit-db.com/exploits/45210/
- https://www.exploit-db.com/exploits/45233/
- https://www.exploit-db.com/exploits/45939/
- https://www.oracle.com/security-alerts/cpujan2020.html

#### Github
- https://github.com/0x3n0/WebMaping
- https://github.com/0xT11/CVE-POC
- https://github.com/0xrobiul/CVE-2018-15473
- https://github.com/1stPeak/CVE-2018-15473
- https://github.com/20142995/pocsuite
- https://github.com/20142995/sectool
- https://github.com/4xolotl/CVE-2018-15473
- https://github.com/66quentin/shodan-CVE-2018-15473
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/An0nYm0u5101/enumpossible
- https://github.com/Anmolsingh142/SSH-SHELL-TOOL
- https://github.com/Anonimo501/ssh_enum_users_CVE-2018-15473
- https://github.com/BrotherOfJhonny/OpenSSH7_7
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/CaioCGH/EP4-redes
- https://github.com/DINK74/45233.1.py
- https://github.com/Dirty-Racoon/CVE-2018-15473-py3
- https://github.com/FatemaAlHolayal/-WebMap-Nmap2
- https://github.com/GaboLC98/userenum-CVE-2018-15473
- https://github.com/GhostTroops/TOP
- https://github.com/InesMartins31/iot-cves
- https://github.com/JERRY123S/all-poc
- https://github.com/JoeBlackSecurity/SSHUsernameBruter-SSHUB
- https://github.com/LINYIKAI/CVE-2018-15473-exp
- https://github.com/MCYP-UniversidadReyJuanCarlos/20-21_celiso
- https://github.com/Moon1705/easy_security
- https://github.com/MrDottt/CVE-2018-15473
- https://github.com/Muhammd/nmap
- https://github.com/NCSU-DANCE-Research-Group/CDL
- https://github.com/NHPT/SSH-account-enumeration-verification-script
- https://github.com/NestyF/SSH_Enum_CVE-2018-15473
- https://github.com/Pixiel333/Pentest-Cheat-sheet
- https://github.com/RanadheerDanda/WebMap
- https://github.com/Rhynorater/CVE-2018-15473-Exploit
- https://github.com/RubenPortillo1001/Ciberseguridad-
- https://github.com/SECUREFOREST/WebMap
- https://github.com/SabyasachiRana/WebMap
- https://github.com/Sait-Nuri/CVE-2018-15473
- https://github.com/SamP10/VulnerableDockerfile
- https://github.com/Samuca-github/IPs-teste
- https://github.com/SexyBeast233/SecBooks
- https://github.com/ShangRui-hash/siusiu
- https://github.com/Th3S3cr3tAg3nt/WebMap
- https://github.com/Threekiii/Awesome-Exploit
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/W-GOULD/ssh-user-enumeration
- https://github.com/Wh1t3Fox/cve-2018-15473
- https://github.com/WildfootW/CVE-2018-15473_OpenSSH_7.7
- https://github.com/Yang8miao/prov_navigator
- https://github.com/akraas/6sense
- https://github.com/anaymalpani/nmapreport
- https://github.com/angry-bender/SUOPE
- https://github.com/ba56789/WebMap
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/bigb0x/CVE-2024-6387
- https://github.com/bioly230/THM_Skynet
- https://github.com/coollce/CVE-2018-15473_burte
- https://github.com/cved-sources/cve-2018-15473
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/cyberharsh/openssh
- https://github.com/drizzle888/CTFTools
- https://github.com/epi052/cve-2018-15473
- https://github.com/firatesatoglu/shodanSearch
- https://github.com/florianges/UsernameGenerator
- https://github.com/gbonacini/opensshenum
- https://github.com/gecr07/Acordeon
- https://github.com/gecr07/Brainfuck-HTB
- https://github.com/ghostwalkr/SUF
- https://github.com/gustavorobertux/patch_exploit_ssh
- https://github.com/hkm88/WebMap
- https://github.com/hktalent/TOP
- https://github.com/jbmihoub/all-poc
- https://github.com/jcradarsniper/WebMap
- https://github.com/josebeo2016/DAVScanner
- https://github.com/jpradoar/webmap
- https://github.com/jtesta/ga-test
- https://github.com/jtesta/ssh-audit
- https://github.com/kaio6fellipe/ssh-enum
- https://github.com/knadt/OpenSSH-Enumeration
- https://github.com/korbanbbt/tools-bbounty
- https://github.com/kshatyy/uai
- https://github.com/lnick2023/nicenice
- https://github.com/lp008/Hack-readme
- https://github.com/mclbn/docker-cve-2018-15473
- https://github.com/mrblue12-byte/CVE-2018-15473
- https://github.com/n00biekrakr/SpiderMap
- https://github.com/petitfleur/prov_navigator
- https://github.com/philippedixon/CVE-2018-15473
- https://github.com/provnavigator/prov_navigator
- https://github.com/pyperanger/CVE-2018-15473_exploit
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/r3dxpl0it/CVE-2018-15473
- https://github.com/sa7mon/vulnchest
- https://github.com/saifmbarki/wMapp
- https://github.com/scmanjarrez/CVEScannerV2
- https://github.com/secmode/enumpossible
- https://github.com/sergiovks/SSH-User-Enum-Python3-CVE-2018-15473
- https://github.com/sv0/webmap
- https://github.com/trickster1103/-
- https://github.com/trimstray/massh-enum
- https://github.com/vmmaltsev/13.1
- https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-4-Vulnhub-Walkthrough
- https://github.com/vshaliii/Funbox2-rookie
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/whoami-chmod777/WebMap
- https://github.com/xbl3/awesome-cve-poc_qazbnm456