OpenSSH S/KEY Authentication Account Enumeration

2007-04-21T22:58:35
ID OSVDB:34600
Type osvdb
Reporter Rembrandt(rembrandt@helith.org)
Modified 2007-04-21T22:58:35

Description

Vulnerability Description

OpenSSH, when configured to use S/KEY authentication, is prone to a remote information disclosure weakness. The issue occurs due to the S/KEY challenge/response system being used for valid accounts. If a remote attacker systematically attempts authentication against a list of usernames, they can watch the response to determine which accounts are valid.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

OpenSSH, when configured to use S/KEY authentication, is prone to a remote information disclosure weakness. The issue occurs due to the S/KEY challenge/response system being used for valid accounts. If a remote attacker systematically attempts authentication against a list of usernames, they can watch the response to determine which accounts are valid.

References:

Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0590.html Mail List Post: http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053951.html ISS X-Force ID: 33794 CVE-2007-2243 Bugtraq ID: 23601