CVE-2013-4434 PoC — Dropbear SSH Server ‘svr-auth.c’ 用户枚举漏洞

Source

https://github.com/styx00/Dropbear_CVE-2013-4434

Associated Vulnerability

Title:Dropbear SSH Server ‘svr-auth.c’ 用户枚举漏洞 (CVE-2013-4434)
Description:Dropbear SSH Server是Matt Johnston软件开发者所研发的一款开源的小型SSH服务器和客户端，它可运行在基于POSIX（可移植操作系统接口）的各种平台上。 Dropbear SSH Server 2013.59之前的版本中存在安全漏洞，该漏洞源于程序在验证用户期间存在错误。远程攻击者可利用该漏洞发现有效的用户名。

Description

Dropbear user enumeration (CVE-2013-4434) PoC

Readme

# Dropbear_CVE-2013-4434

**dropbear_CVE-2013-4434.sh**
  * This script checks for [CVE-2013-4434] (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4434). Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames.

File Snapshot


 [4.0K]  /data/pocs/25b93fb1e91d512be13eac3920f072886b32782b
├── [2.0K]  dropbear_CVE-2013-4434.sh
└── [ 381]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!