OpenSSH Username Password Complexity Account Enumeration

2007-02-13T00:37:06
ID OSVDB:32721
Type osvdb
Reporter Marco Ivaldi (raptor@0xdeadbeef.info)
Modified 2007-02-13T00:37:06

Description

Vulnerability Description

OpenSSH, when deployed under specific but not fully researched conditions, is prone to a remote information disclosure weakness. The issue likely occurs when manually set shadowed passwords are used, which causes OpenSSH to spend extra time during the authentication sequence. A remote attacker may be able to use this timing discrepancy to determine which accounts are valid.

Technical Description

After the issue was disclosed, several researchers could not reproduce it on a variety of platforms. At present, the published research suggests the issue may manifest only on specific platforms and/or depend on system-specific settings such as manually set passwords.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0237.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0143.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0124.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0136.html
Generic Exploit URL: http://milw0rm.com/exploits/3303
CVE-2006-5229
Bugtraq ID: 20418