Openssh use enumeration
C0r3dump3d
coredump at autistici.org
Tue Jul 19 23:10:48 AEST 2016
Hi, sorry I don't know if I send this to the correct channel.
I have notice that OpenSSH has recognized the presence of the user
enumeration as a vulnerability,
http://seclists.org/fulldisclosure/2016/Jul/51 (CVE-2016-6210).
I want to make an appreciation, this is a old vulnerability
already announced three years ago.
https://blog.curesec.com/article/blog/OpenSSH-User-Enumeration-Time-Based-Attack-20.html
http://seclists.org/fulldisclosure/2013/Jul/88
http://www.behindthefirewalls.com/2014/07/openssh-user-enumeration-time-based.html
I would like to point out that there is another vulnerability present in
the bug, it's possible in certain circumstances to provoke a DOS
condition in the access to the ssh server, I made a brief study of this
possibility here:
https://www.devconsole.info/?p=382
and included this attack in my tool that exploit this vulnerability:
https://github.com/c0r3dump3d/osueta
It's necessary to request another CVE-ID for the DOS attack?
At least, I think it should be clarified in the announce of the
vulnerability.
Regards.
More information about the openssh-unix-dev
mailing list