OpenSSH < 7.9 Access Validation Error

medium Nessus Network Monitor Plugin ID 701157


The remote SSH server may be affected by an access validation error vulnerability.


The installed version of OpenSSH is prior to 7.9 and is affected by a access validation error vulnerability in OpenSSH through 7.8 that could be used by remote attackers to detect existence of users on a target system when GSS2 is in use.


Upgrade to OpenSSH 7.x version 7.9 or later.

See Also

Plugin Details

Severity: Medium

ID: 701157

Family: SSH

Published: 8/21/2019

Updated: 8/21/2019

Risk Information


Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C


Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: E:U/RL:U/RC:R

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Patch Publication Date: 8/28/2018

Vulnerability Publication Date: 8/28/2018

Reference Information

CVE: CVE-2018-15919

BID: 105163