OpenSSH max auth tries issue
Mike Tancsa
mike at sentex.net
Thu Jul 23 14:22:26 UTC 2015
On 7/17/2015 3:19 PM, Mike Tancsa wrote:
> ------------------
> https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/
> With this vulnerability an attacker is able to request as many password
> prompts limited by the “login graced time” setting, that is set to two
> minutes by default."
>
>
There is a patch in the OpenSSH tree to mitigate this. Any chance on
bringing this in before 10.2R ships ?
https://anongit.mindrot.org/openssh.git/patch/?id=5b64f85bb811246c59ebab
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
More information about the freebsd-security
mailing list