Bug in OpenSSH Opens Linux Machines to Password Cracking Attack



#1 NickAu


Posted 23 July 2015 - 05:00 PM

 

A simple but highly critical vulnerability recently disclosed in the most widely used OpenSSH software allows attackers to try thousands of password login attempts per connection in a short period.
 
OpenSSH is the most popular software widely used for secure remote access to Linux-based systems. Generally, the software allows 3 to 6 password login attempts before closing a connection, but a new vulnerability lets attackers perform thousands of authentication requests remotely.
 
OpenSSH servers with keyboard-interactive authentication enabled, including FreeBSD Linux, can be exploited to carry out a brute-force attack on the OpenSSH protocol, a security researcher with the online alias KingCope explained in a blog post.
 
 

Exploit for the Vulnerability RELEASED

 

 

 


 


#2 DeimosChaos


Posted 24 July 2015 - 11:09 AM

This is why, if you have an SSH server at home, you disable password logins and use just key authentication. No way to use the vulnerability if you don't even have password authentication turned on.


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +




