Keyboard Interactive Attack?
Ángel González
keisial at gmail.com
Thu Jul 23 09:00:33 AEST 2015
On 22/07/15 22:54, Bostjan Skufca wrote:
> I just stumbled upon this story too (on /.), and as far as I
> understand it, it allows a bit simpler way to perform brute force
> attacks.
Thanks for the pointer, Bostjan:
http://it.slashdot.org/story/15/07/22/1715244/bug-exposes-openssh-servers-to-brute-force-password-guessing-attacks
https://www.reddit.com/r/netsec/comments/3dnzcq/openssh_keyboardinteractive_authentication_brute/
https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/
More information about the openssh-unix-dev
mailing list