Date: Sat, 18 Jul 2015 18:10:17 -0500
From: Mark Felder <feld@FreeBSD.org>
To: Mike Tancsa <mike@sentex.net>, freebsd-security@freebsd.org
Subject: Re: OpenSSH max auth tries issue
Message-ID: <1437261017.3368395.327186961.64104619@webmail.messagingengine.com>
In-Reply-To: <55A95526.3070509@sentex.net>
References: <55A95526.3070509@sentex.net>
On Fri, Jul 17, 2015, at 14:19, Mike Tancsa wrote:
> Not sure if others have seen this yet
>
> ------------------
>
>
> https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/
>
> "OpenSSH has a default value of six authentication tries before it will
> close the connection (the ssh client allows only three password entries
> per default).
>
> With this vulnerability an attacker is able to request as many password
> prompts limited by the “login graced time” setting, that is set to two
> minutes by default."
>
>

Does it produce multiple entries in the server logs? I'm curious if sshguard etc. would detect this. If I understand what's going on, this might appear as if it's a single "session" and be able to bypass pf overload rules. I'll have to play around with it and see what it does.
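The question raised above is whether a connection-count limiter (pf overload) sees anything when all the prompts arrive over one TCP connection, while a log-driven tool (sshguard-style) counts each failed authentication. The following added example, which is not part of the thread, illustrates the difference over constructed sshd log lines: the auth-failure message format follows OpenSSH's "Failed <method> for <user> from <ip> port <port> ssh2" log line, and the IPs, ports and timestamps are made up.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log (not from the thread): one source holds a single
# connection (port 40001) and receives ten keyboard-interactive prompts,
# well past the default MaxAuthTries of 6; a second source fails twice
# and then logs in.
def constructed_log():
    lines = [
        f"Jul 18 18:01:{i:02d} host sshd[1201]: Failed keyboard-interactive/pam "
        f"for root from 192.0.2.10 port 40001 ssh2"
        for i in range(10)
    ]
    lines += [
        "Jul 18 18:01:20 host sshd[1305]: Failed password for alice from 198.51.100.7 port 50123 ssh2",
        "Jul 18 18:01:25 host sshd[1305]: Failed password for alice from 198.51.100.7 port 50123 ssh2",
        "Jul 18 18:01:30 host sshd[1305]: Accepted password for alice from 198.51.100.7 port 50123 ssh2",
    ]
    return "\n".join(lines)

FAILED = re.compile(
    r"sshd\[\d+\]: Failed (\S+) for (?:invalid user )?(\S+) from (\S+) port (\d+) ssh2"
)

def summarize(log):
    """Return {source_ip: (distinct_connections, failed_attempts)}."""
    conns = defaultdict(set)   # distinct client ports seen per source
    fails = Counter()          # failed authentications per source
    for line in log.splitlines():
        m = FAILED.search(line)
        if m:
            _method, _user, ip, port = m.groups()
            conns[ip].add(port)
            fails[ip] += 1
    return {ip: (len(conns[ip]), fails[ip]) for ip in fails}

def flag_by_connections(summary, max_conns=5):
    """pf overload-style view: only the number of connections per source matters."""
    return sorted(ip for ip, (c, _) in summary.items() if c > max_conns)

def flag_by_failures(summary, max_fails=6):
    """sshguard-style view: failed attempts per source, regardless of connection count."""
    return sorted(ip for ip, (_, f) in summary.items() if f > max_fails)

if __name__ == "__main__":
    s = summarize(constructed_log())
    print("by connections:", flag_by_connections(s))  # nothing: a single connection
    print("by failures:   ", flag_by_failures(s))     # the single-connection brute force
```

Each prompt still produces its own "Failed ..." line in the auth log, so a tool keyed on failures per source catches the source even though a per-connection overload table never fills.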
