ssh-2.0.12.brute.force.txt

ssh-2.0.12.brute.force.txt: Posted Aug 17, 1999; ssh-2.0.12 allows remote attacker to verify userids.; tags | exploit, remote, cracker; SHA-256 | e159897760527f3e3ce7099c6ed5cf87f3e973ff81e295ebe8d0293cedadc7d1; Download | Favorite | View

ssh-2.0.12.brute.force.txt

Date: Wed, 9 Jun 1999 15:51:54 +0200
From: altellez@IP6SEGURIDAD.COM
To: BUGTRAQ@netspace.org
Subject: ssh advirsory

        Aleph ... Sorry if it is an old bug ...
        

        i have tested a bug in ssh-2.0.12.
        
        any remote attacker can guess  real account in the machine

        Details

        when a ssh client connects to the daemon it has a number ( default
        three ) of attempts to guess the correct password before
        disconnecting if you try to connect with a correct login, but
        you only have once if you try to connect with a no correct login.

        EXAMPLE

        alfonso is not user ( login ) in 192.168.0.1
        

        $ssh 192.168.0.1 -l alfonso
        alfonso's password: <hit ENTER key>
        
        Disconnected; authentication error (Authentication method disabled.).
        $

        altellez is user ( login ) in 192.168.0.1

        $ssh 192.168.0.1 -l altellez
        altellez's password: <hit ENTER key>
        altellez's password:

        Now the remote attacker known that altellez is a true login in
        192.168.0.1

        QUICK FIX

        Edit the file sshd2_config (usually at /etc/ssh2), set the value
        of "PasswordGuesses" to 1.
        
        I only has tested it with ssh-2.0.12



--
Saludos.

===========================================================

   Alfonso Lazaro Tellez        altellez@ip6seguridad.com
   Analista de seguridad        
   IP6Seguridad                 http://www.ip6seguridad.com  
   Tfno: +34 91-3430245         C\Alberto Alcocer 5, 1 D        
   Fax:  +34 91-3430294         Madrid ( SPAIN )
===========================================================  

-------------------------------------------------------------------------------

Date: Wed, 9 Jun 1999 15:23:23 -0500
From: Jeff Long <long@KESTREL.CC.UKANS.EDU>
To: BUGTRAQ@netspace.org
Subject: Re: ssh advirsory

altellez@IP6SEGURIDAD.COM wrote:
>
>         Aleph ... Sorry if it is an old bug ...
>
>
>         i have tested a bug in ssh-2.0.12.
>
>         any remote attacker can guess  real account in the machine
>
>         Details
>
>         when a ssh client connects to the daemon it has a number ( default
>         three ) of attempts to guess the correct password before
>         disconnecting if you try to connect with a correct login, but
>         you only have once if you try to connect with a no correct login.
>
>         EXAMPLE
>
>         alfonso is not user ( login ) in 192.168.0.1
>
>
>         $ssh 192.168.0.1 -l alfonso
>         alfonso's password: <hit ENTER key>
>
>         Disconnected; authentication error (Authentication method disabled.).
>         $

Interesting, in my installation of 2.0.13 I don't even get one chance to
enter a password when I use a login with no account on the machine:

long@somehost[15:18:44]~ $ slogin -l jkashrj somehost

Disconnected; authentication error (No further authentication methods
available.).
long@somehost[15:19:07]~ $


Perhaps a misconfiguration on my part but I'd say that is bad behavior.

Jeff Long

-------------------------------------------------------------------------------

Date: Wed, 9 Jun 1999 16:19:56 -0300
From: cseg@WIRETECH.COM.BR
To: BUGTRAQ@netspace.org
Subject: Re: ssh advirsory

On Wed, 9 Jun 1999 altellez@IP6SEGURIDAD.COM wrote:

>       Details
>
>       when a ssh client connects to the daemon it has a number ( default
>       three ) of attempts to guess the correct password before
>       disconnecting if you try to connect with a correct login, but
>       you only have once if you try to connect with a no correct login.
>
>       EXAMPLE
>
>       alfonso is not user ( login ) in 192.168.0.1
>       
>
>       $ssh 192.168.0.1 -l alfonso
>       alfonso's password: <hit ENTER key>
>       
>       Disconnected; authentication error (Authentication method disabled.).
>       $
>
>       altellez is user ( login ) in 192.168.0.1
>
>       $ssh 192.168.0.1 -l altellez
>       altellez's password: <hit ENTER key>
>       altellez's password:
>
>       Now the remote attacker known that altellez is a true login in
>       192.168.0.1
>
>       QUICK FIX
>
>       Edit the file sshd2_config (usually at /etc/ssh2), set the value
>       of "PasswordGuesses" to 1.
>       
>       I only has tested it with ssh-2.0.12

  I just tried that error with ssh-2.0.13. It was more strange..


  --- [ unexistant user `unknown' ]

  local:~> ssh -lunknown 192.168.0.1

  Disconnected; authentication error (No further authentication methods available.).
  local:~>

 --- [ existant user `me' ]

 local:~> ssh -lme 192.168.0.1
 me's password: [<ENTER>]

 Disconnected; authentication error (Authentication method disabled.).
 local:~>

--
Delete yurself, you got no chance to win.

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

ssh-2.0.12.brute.force.txt

ssh-2.0.12.brute.force.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ssh-2.0.12.brute.force.txt

Share This

ssh-2.0.12.brute.force.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems