Re: SSH password authentification and delays
On Sat, Apr 06, 2002 at 05:47:14PM +0200, Vincent wrote:
> Hi,
>
> I found something quite strange while fiddling with openssh on my
> firewall...
>
> If I try to login using a valid username and a bogus password, I get a
> slight delay before getting another 'password:' prompt. However, If I use a
> bogus username _and_ a bogus password, the prompt appears immediately.
>
> I tested this on an up-to-date woody system and a sid one, and both exhibit
> the same behavior. I cannot believe it is intended, as it could be easily
> used to guess valid usernames remotely with some kind of brute force
> scanner.
i noticed the same things if the user/pass are on a NIS server esported
to the machine i'm logging
cya
Samuele
--
Samuele Giovanni Tonon <samu@linuxasylum.net> http://www.linuxasylum.net/~samu/
Acid -- better living through chemistry.
Timothy Leary
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: