Hi there,
is Gargoyle vulnerable, and if so, will there be patched versions available?
https://www.bleepingcomputer.com/news/s ... o-decades/
Regards
Ektus.
SSH username enumeration bug CVE-2018-15473
Moderator: Moderators
Re: SSH username enumeration bug CVE-2018-15473
Gargoyle uses dropbear by default rather than OpenSSH.
so, no.
If users have replaced dropbear themselves, they may be vulnerable.
Anyone exposing the SSH port to the WAN is also doing themselves a disservice.
By default, SSH is not allowed from WAN.
so, no.
If users have replaced dropbear themselves, they may be vulnerable.
Anyone exposing the SSH port to the WAN is also doing themselves a disservice.
By default, SSH is not allowed from WAN.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Please be respectful when posting. I do this in my free time on a volunteer basis.
Re: SSH username enumeration bug CVE-2018-15473
Addendum to my last post.
Yes gargoyle is likely affected by a different (but related) CVE
https://security-tracker.debian.org/tra ... 2018-15599
which DOES affect Dropbear.
It will be patched before 1.11.0. Backporting security fixes for 1.10.x is not likely in my opinion.
Yes gargoyle is likely affected by a different (but related) CVE
https://security-tracker.debian.org/tra ... 2018-15599
which DOES affect Dropbear.
It will be patched before 1.11.0. Backporting security fixes for 1.10.x is not likely in my opinion.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Please be respectful when posting. I do this in my free time on a volunteer basis.