Keyboard Interactive Attack?
Damien Miller
djm at mindrot.org
Thu Jul 23 11:08:54 AEST 2015
On Wed, 22 Jul 2015, Malcolm wrote:
> Keep in mind this is something that in some system configurations can gently
> assist a remote password cracker, and isn't an "exploit".
Yeah, it just reduces the number of connections an attacker has to make
to attempt password guessing. It doesn't speed up the guesses themselves
or evade failure delays for wrong guesses.
The patch is already committed as
https://anongit.mindrot.org/openssh.git/patch/?id=5b64f85bb811246c59ebab
and the plan is to release it in OpenSSH 7.0, which is due in a few weeks.
-d
More information about the openssh-unix-dev
mailing list