Date: Thu, 23 Jul 2015 10:22:20 -0400
From: Mike Tancsa <mike@sentex.net>
To: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: OpenSSH max auth tries issue
Message-ID: <55B0F89C.7010101@sentex.net>
In-Reply-To: <55A95526.3070509@sentex.net>
References: <55A95526.3070509@sentex.net>
On 7/17/2015 3:19 PM, Mike Tancsa wrote:
> ------------------
> https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/
> With this vulnerability an attacker is able to request as many password
> prompts limited by the “login graced time” setting, that is set to two
> minutes by default."
>
>

There is a patch in the OpenSSH tree to mitigate this. Any chance on
bringing this in before 10.2R ships?

https://anongit.mindrot.org/openssh.git/patch/?id=5b64f85bb811246c59ebab

	---Mike

-- 
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/
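An added example, not part of the original message and not OpenSSH or FreeBSD code: a small audit of the global sshd_config settings that bound the prompting described in the quoted text, for hosts waiting on the patch. It assumes the stock defaults listed in DEFAULTS, treats keyboard-interactive as enabled when either ChallengeResponseAuthentication or KbdInteractiveAuthentication is yes, and uses a hypothetical needs_review threshold equal to the two-minute default; the sample configuration is constructed.

```python
import re

# Defaults assumed when a keyword is absent (OpenSSH of this era).
DEFAULTS = {"challengeresponseauthentication": "yes",
            "kbdinteractiveauthentication": "no",
            "logingracetime": "120", "maxauthtries": "6"}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_time(value):
    """Convert an sshd_config time value (120, 2m, 1h30m) to seconds."""
    value = value.lower()
    parts = re.findall(r"(\d+)([smhdw]?)", value)
    if not parts or "".join(n + u for n, u in parts) != value:
        raise ValueError(f"bad time value: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def audit(config_text):
    """Report the global settings that bound keyboard-interactive prompting."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        key = fields[0].lower()
        if key == "match":          # conditional blocks are out of scope here
            break
        if len(fields) == 2:
            seen.setdefault(key, fields[1].strip())   # first value wins
    cfg = {**DEFAULTS, **seen}
    kbd = "yes" in (cfg["challengeresponseauthentication"].lower(),
                    cfg["kbdinteractiveauthentication"].lower())
    grace = parse_time(cfg["logingracetime"])
    return {"kbd_interactive": kbd,
            "grace_seconds": grace,             # 0 means no time limit
            "max_auth_tries": int(cfg["maxauthtries"]),
            # Hypothetical threshold: window at or above the 2-minute default.
            "needs_review": kbd and (grace == 0 or grace >= 120)}

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
# constructed example
LoginGraceTime 2m
MaxAuthTries 6
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live host, `sshd -T` prints the effective configuration, which also covers included files and compiled-in defaults that this text-only check cannot see.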
