Keyboard Interactive Attack?

Ángel González keisial at gmail.com
Thu Jul 23 09:00:33 AEST 2015


On 22/07/15 22:54, Bostjan Skufca wrote:
> I just stumbled upon this story too (on /.), and as far as I
> understand it, it allows a bit simpler way to perform brute force
> attacks.

Thanks for the pointer, Bostjan:
http://it.slashdot.org/story/15/07/22/1715244/bug-exposes-openssh-servers-to-brute-force-password-guessing-attacks
https://www.reddit.com/r/netsec/comments/3dnzcq/openssh_keyboardinteractive_authentication_brute/
https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/



More information about the openssh-unix-dev mailing list