
ssh-2.0.12.brute.force.txt

17 Aug 1999 00:00:00 | Reported by Packet Storm | Type: packetstorm | packetstormsecurity.com

SSH version 2.0.12 lets a remote attacker identify valid usernames: the daemon allows several password attempts (three by default) for an existing login but only one for a nonexistent login.

Code
`Date: Wed, 9 Jun 1999 15:51:54 +0200  
From: [email protected]  
To: [email protected]  
Subject: ssh advirsory  
  
Aleph ... Sorry if it is an old bug ...  
  
  
I have tested a bug in ssh-2.0.12.  
  
Any remote attacker can guess a real account on the machine  
  
Details  
  
When an ssh client connects to the daemon it has a number ( default  
three ) of attempts to guess the correct password before  
disconnecting if you try to connect with a correct login, but  
you only have one if you try to connect with an incorrect login.  
  
EXAMPLE  
  
alfonso is not a user ( login ) on 192.168.0.1  
  
  
$ssh 192.168.0.1 -l alfonso  
alfonso's password: <hit ENTER key>  
  
Disconnected; authentication error (Authentication method disabled.).  
$  
  
altellez is a user ( login ) on 192.168.0.1  
  
$ssh 192.168.0.1 -l altellez  
altellez's password: <hit ENTER key>  
altellez's password:  
  
Now the remote attacker knows that altellez is a true login on  
192.168.0.1  
  
QUICK FIX  
  
Edit the file sshd2_config (usually at /etc/ssh2), set the value  
of "PasswordGuesses" to 1.  
  
I have only tested it with ssh-2.0.12  
  
  
  
--  
Saludos.  
  
===========================================================  
  
Alfonso Lazaro Tellez [email protected]  
Analista de seguridad   
IP6Seguridad http://www.ip6seguridad.com   
Tfno: +34 91-3430245 C\Alberto Alcocer 5, 1 D   
Fax: +34 91-3430294 Madrid ( SPAIN )  
===========================================================   
  
-------------------------------------------------------------------------------  
  
Date: Wed, 9 Jun 1999 15:23:23 -0500  
From: Jeff Long <[email protected]>  
To: [email protected]  
Subject: Re: ssh advirsory  
  
[email protected] wrote:  
>  
> Aleph ... Sorry if it is an old bug ...  
>  
>  
> I have tested a bug in ssh-2.0.12.  
>  
> Any remote attacker can guess a real account on the machine  
>  
> Details  
>  
> When an ssh client connects to the daemon it has a number ( default  
> three ) of attempts to guess the correct password before  
> disconnecting if you try to connect with a correct login, but  
> you only have one if you try to connect with an incorrect login.  
>  
> EXAMPLE  
>  
> alfonso is not a user ( login ) on 192.168.0.1  
>  
>  
> $ssh 192.168.0.1 -l alfonso  
> alfonso's password: <hit ENTER key>  
>  
> Disconnected; authentication error (Authentication method disabled.).  
> $  
  
Interesting, in my installation of 2.0.13 I don't even get one chance to  
enter a password when I use a login with no account on the machine:  
  
long@somehost[15:18:44]~ $ slogin -l jkashrj somehost  
  
Disconnected; authentication error (No further authentication methods  
available.).  
long@somehost[15:19:07]~ $  
  
  
Perhaps a misconfiguration on my part but I'd say that is bad behavior.  
  
Jeff Long  
  
-------------------------------------------------------------------------------  
  
Date: Wed, 9 Jun 1999 16:19:56 -0300  
From: [email protected]  
To: [email protected]  
Subject: Re: ssh advirsory  
  
On Wed, 9 Jun 1999 [email protected] wrote:  
  
> Details  
>  
> When an ssh client connects to the daemon it has a number ( default  
> three ) of attempts to guess the correct password before  
> disconnecting if you try to connect with a correct login, but  
> you only have one if you try to connect with an incorrect login.  
>  
> EXAMPLE  
>  
> alfonso is not a user ( login ) on 192.168.0.1  
>   
>  
> $ssh 192.168.0.1 -l alfonso  
> alfonso's password: <hit ENTER key>  
>   
> Disconnected; authentication error (Authentication method disabled.).  
> $  
>  
> altellez is a user ( login ) on 192.168.0.1  
>  
> $ssh 192.168.0.1 -l altellez  
> altellez's password: <hit ENTER key>  
> altellez's password:  
>  
> Now the remote attacker knows that altellez is a true login on  
> 192.168.0.1  
>  
> QUICK FIX  
>  
> Edit the file sshd2_config (usually at /etc/ssh2), set the value  
> of "PasswordGuesses" to 1.  
>   
> I have only tested it with ssh-2.0.12  
  
I just tried that error with ssh-2.0.13. It was stranger...  
  
  
--- [ nonexistent user `unknown' ]  
  
local:~> ssh -lunknown 192.168.0.1  
  
Disconnected; authentication error (No further authentication methods available.).  
local:~>  
  
--- [ existing user `me' ]  
  
local:~> ssh -lme 192.168.0.1  
me's password: [<ENTER>]  
  
Disconnected; authentication error (Authentication method disabled.).  
local:~>  
  
--  
Delete yourself, you got no chance to win.  
  
`
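
The prompt-count difference and the "QUICK FIX" from the first message, modelled offline as an added example; it is not code from the thread or from ssh-2.0.12. The `Keyword value` layout with `#` comments assumed for sshd2_config, the constructed config fragments, the account set and all function names are assumptions.

```python
ACCOUNTS = {"altellez"}  # constructed: the one real login in the post's example
DEFAULT_GUESSES = 3      # "default three", per the post


def password_guesses(config_text):
    """Read PasswordGuesses from sshd2_config text (assumed layout:
    'Keyword value' lines, '#' comments; the last setting wins)."""
    value = DEFAULT_GUESSES
    for raw in config_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0].lower() == "passwordguesses":
            value = int(fields[1])
    return value


def prompts_as_reported(login, guesses):
    """Behaviour reported for ssh-2.0.12: a real login gets every
    configured prompt, an unknown login is disconnected after one."""
    return guesses if login in ACCOUNTS else 1


def prompts_uniform(login, guesses):
    """Hardened form: the prompt count ignores whether the login exists."""
    return guesses


def leaks_logins(prompt_fn, config_text):
    """True if counting prompts separates a real login from an unknown one."""
    guesses = password_guesses(config_text)
    return prompt_fn("altellez", guesses) != prompt_fn("alfonso", guesses)


# Constructed sshd2_config fragments, before and after the quick fix.
SHIPPED = "# sshd2_config\nPort 22\n"
QUICK_FIX = "# sshd2_config\nPort 22\nPasswordGuesses 1\n"

if __name__ == "__main__":
    for name, cfg in (("shipped", SHIPPED), ("quick fix", QUICK_FIX)):
        print(name, "reported:", leaks_logins(prompts_as_reported, cfg),
              "uniform:", leaks_logins(prompts_uniform, cfg))
```

The model covers only the 2.0.12 behaviour from the first message; the replies report that 2.0.13 gives an unknown login no password prompt at all, which a prompt count of 1 does not equalise.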

Vulners AI Score: 7.4 (High risk)