exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

PAM CAPTCHA User Enumeration

PAM CAPTCHA User Enumeration
Posted Jul 7, 2010
Authored by Ian Maguire

PAM CAPTCHA suffers from a user enumeration vulnerability.

tags | advisory
SHA-256 | 5d0e839a51d9062e9e47f0bc79a838a4442d42b96bc50b1e8d50ba213458eb4c

PAM CAPTCHA User Enumeration

Change Mirror Download
pam_captcha is visual text-based CAPTCHA challenge module for PAM that 
uses figlet to generate the CAPTCHAs.

Project site:
http://www.semicomplete.com/projects/pam_captcha/

A site with a screen shot:
http://www.michaelboman.org/how-to/securing-ssh-access-with-pam-captcha

I found a security problem with the pam_captcha. If you enter a username
that is not a valid user followed by the correct CAPTCHA, you do not get
prompted for a password. You simply get prompted for another CAPTCHA.
However, if you enter a username that is a valid user followed by the
correct CAPTCHA, you will get prompted for a password. This means an
attacker, or a script/bot could easily harvest a list of valid usernames
simply by whether or not it prompts for a password after a valid captcha
entry. I have duplicated this behavior in FreeBSD 8.0 which uses BSD's
OpenPAM. From what I have seen this module is not compatible with Linux-PAM.

I don't know enough C Fu to propose a patch. Until it is patched the
solution is to disable pam_captcha in your pam config file. The creator
of this module seems to think that using this module isn't really even
necessary.

http://www.semicomplete.com/blog/geekery/pam_captcha_research.html


- ian
Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close