
Saturday, July 18, 2015

Re: [FD] OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass)

On 17/07/15 10:04, king cope wrote:
> OpenSSH has a default value of six authentication tries before it will
> close the connection (the ssh client allows only three password
> entries per default).
>
> With this vulnerability an attacker is able to request as many
> password prompts limited by the “login graced time” setting, that is
> set to two minutes by default.
>
> Especially FreeBSD systems are affected by the vulnerability because
> they have keyboard-interactive authentication enabled by default.
>
> A simple way to exploit the bug is to execute this command:
>
> ssh -lusername -oKbdInteractiveDevices=`perl -e 'print "pam," x 10000'` targethost
>
> This will effectively allow up to 10000 password entries limited by
> the login grace time setting.
>
> The crucial part is that if the attacker requests 10000
> keyboard-interactive devices openssh will gracefully execute the
> request and will be inside a loop to accept passwords until the
> specified devices are exceeded.
>
> Here is a patch for openssh-6.9p1 that will allow to use a wordlist
> and any passwords piped to the ssh process to be used in order to
> crack passwords remotely.
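A detection sketch for the behaviour quoted above, added here as an example and not part of the original advisory or of OpenSSH: it counts failed authentication attempts per sshd process and reports any single connection that logged more failures than the six-try limit the advisory cites. It assumes the syslog line shape `sshd[PID]: Failed <method> for <user> from <ip> port <n>` and one sshd PID per connection; the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

MAX_AUTH_TRIES = 6  # default limit cited in the advisory

# Assumed sshd syslog shape for a failed attempt (optionally "invalid user").
FAILED_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Failed (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def sessions_exceeding_limit(lines, limit=MAX_AUTH_TRIES):
    """Return (pid, ip, method, failures) for each connection over the limit.

    Attempts are grouped by sshd PID, so failures spread over many short
    connections are not flagged; only one connection that kept receiving
    prompts past the limit is. PID reuse across a long log is not handled.
    """
    failures = defaultdict(int)
    origin = {}
    for line in lines:
        m = FAILED_RE.search(line)
        if m is None:
            continue
        failures[m["pid"]] += 1
        origin[m["pid"]] = (m["ip"], m["method"])
    return sorted(
        (pid, ip, method, failures[pid])
        for pid, (ip, method) in origin.items()
        if failures[pid] > limit
    )

# Constructed sample: PID 4101 logs nine failures on one connection,
# PID 4102 logs two and is then closed normally.
SAMPLE_LOG = [
    f"Jul 17 10:04:{i:02d} host sshd[4101]: Failed keyboard-interactive/pam "
    f"for root from 192.0.2.10 port 50122 ssh2"
    for i in range(9)
] + [
    f"Jul 17 10:05:{i:02d} host sshd[4102]: Failed password for invalid user "
    f"admin from 198.51.100.7 port 40000 ssh2"
    for i in range(2)
] + ["Jul 17 10:05:09 host sshd[4102]: Connection closed by 198.51.100.7 [preauth]"]

if __name__ == "__main__":
    for pid, ip, method, n in sessions_exceeding_limit(SAMPLE_LOG):
        print(f"sshd[{pid}] {ip} {method}: {n} failures on one connection")
```
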
