OpenSSH max auth tries issue
Mike Tancsa
mike at sentex.net
Fri Jul 17 19:18:42 UTC 2015
Not sure if others have seen this yet.
------------------
https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/
"OpenSSH has a default value of six authentication tries before it will
close the connection (the ssh client allows only three password entries
per default).
With this vulnerability an attacker is able to request as many password
prompts limited by the “login graced time” setting, that is set to two
minutes by default."
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
More information about the freebsd-security
mailing list
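A log check for the behaviour quoted above, as an added example that is not part of the original post or the linked write-up: it counts authentication failures per sshd child process (one PID per connection) and reports connections that exceed the six-try default. The log line format, host name, PIDs and addresses are constructed, and it assumes sshd writes one "Failed ..." line per failed prompt.

```python
import re
from collections import defaultdict

MAX_AUTH_TRIES = 6  # sshd default, as quoted in the post

# Assumption: sshd logs one "Failed <method> for <user> from <addr>" line per
# failed prompt. Adjust the pattern if your sshd/PAM build logs differently.
FAILED = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Failed (?P<method>\S+) for "
    r"(?:invalid user )?\S+ from (?P<addr>\S+) port \d+"
)


def _line(sec, pid, addr, method):
    """Build one constructed syslog-style line (sample data only)."""
    return (f"Jul 17 19:20:{sec:02d} gw sshd[{pid}]: Failed {method} "
            f"for root from {addr} port 40112 ssh2")


# Constructed sample: PID 4100 shows 9 failures on a single connection,
# PID 4101 shows an ordinary client giving up after 3.
# 192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = "\n".join(
    [_line(s, 4100, "192.0.2.10", "keyboard-interactive/pam") for s in range(9)]
    + [_line(s, 4101, "198.51.100.7", "password") for s in range(30, 33)]
)


def over_limit(log_text, limit=MAX_AUTH_TRIES):
    """Return {(pid, addr): failures} for connections with more than `limit`.

    Failures sharing an sshd PID belong to one connection, so a count above
    the configured limit means the limit was not enforced for it. The address
    is part of the key to reduce false merges when PIDs are recycled.
    """
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[(int(m["pid"]), m["addr"])] += 1
    return {key: n for key, n in counts.items() if n > limit}


if __name__ == "__main__":
    for (pid, addr), n in sorted(over_limit(SAMPLE_LOG).items()):
        print(f"sshd[{pid}] {addr}: {n} failures on one connection")
```
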