6 matches found
Linux: SSH PasswordAuthentication
sshd reads configuration data from /etc/ssh/sshdconfig or the file specified with -f on the command line. The file contains keyword-argument pairs, one per line. Lines starting with Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
FreeBSD < 10.3-RELEASE-p21 / 11.0 < 11.0-RELEASE-p12 / 11.1 < 11.1-RELEASE-p1 OpenSSH Password Length DoS (FreeBSD-SA-17:06.openssh)
The version of the FreeBSD kernel running on the remote host is prior to 10.3-RELEASE-p21, 11.0 prior to 11.0-RELEASE-p12, or 11.1 prior to 11.1-RELEASE-p1. It, therefore, affected by a flaw in built-in password authentication in OpenSSH. An unauthenticated, remote attacker can exploit this issue...
FreeBSD -- OpenSSH Denial of Service vulnerability
Problem Description: There is no limit on the password length. Impact: A remote attacker may be able to cause an affected SSH server to use excessive amount of CPU by sending very long passwords, when PasswordAuthentication is enabled by the system administrator...
FreeBSD-SA-17:06.openssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:06.openssh Security Advisory The FreeBSD Project Topic: OpenSSH Denial of Service vulnerability Category: contrib Module: OpenSSH Announced: 2017-08-10...
Debian DLA-42-1 : live-config security update
A vulnerability against Debian Live, the live systems project, was reported. The default, the live images include a SSH server allowing for log in with default user and password. This fix set PasswordAuthentication in /etc/ssh/sshdconfig as 'no'. NOTE: Tenable Network Security has extracted the...
[DLA 42-1] live-config security update
Package : live-config Version : 2.0.15-1.1+deb6u1 Debian Bug : 741678 A vulnerability against Debian Live, the live systems project, was reported. The default, the live images include a SSH server allowing for log in with default user and password. This fix set PasswordAuthentication in...