Bug#281595: timing attack allows attacker to determine valid usernames
On Tue, Nov 16, 2004 at 03:11:07PM -0500, Joey Hess wrote:
> Package: ssh
> Version: 1:3.8.1p1-8.sarge.2
> Severity: serious
> Tags: security
>
> CAN-2003-0190 describes a flaw in ssh's password prompt timing which
> makes it easy for an attacker to determine if a username exists on a
> machine. I've checked and testing and unstable's versions of ssh are
> vulnerable. Details and some fixes are in this message:
> http://marc.theaimsgroup.com/?l=bugtraq&m=105172058404810&w=2
>
> Feel free to downgrade this bug if you don't feel it's a real security
> problem or not RC. I assume upstream must not, since the problem has not
> been fixed in over a year. Of course, upstream probably doesn't use ssh
> in the vulnerable configuration, with pam.
I think it's been somewhat fixed upstream (where upstream == portable),
actually:
20040530
[...]
- (dtucker) [auth-pam.c] Use an invalid password for root if
PermitRootLogin != yes or the login is invalid, to prevent leaking
information. Based on Openwall's owl-always-auth patch. ok djm@
However, that's only PAM password authentication, and
keyboard-interactive is relevant too. Darren, do you happen to know if
kbdint has been fixed in the same way in 3.9p1? I don't see anything
obvious in CVS.
Thanks,
--
Colin Watson [cjwatson@debian.org]
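To make the timing oracle and the "always authenticate" mitigation from the quoted changelog concrete, here is an added illustration in Python. It is not OpenSSH or PAM code and not part of the bug report; the account database, the `vulnerable_auth`/`fixed_auth` functions and the PBKDF2 work factor are constructed for the example. The vulnerable path returns immediately when the account does not exist, so a wrong password for a real account takes measurably longer than any password for an unknown one; the fixed path runs the key derivation against a dummy credential whenever the login is invalid (or is root while root login is not permitted), so both cases cost the same.

```python
"""Username-enumeration timing oracle in a password check, and the
'always do the expensive work' mitigation. Hypothetical example code."""
import hashlib
import hmac
import os
import time

ITERATIONS = 50_000          # deliberately slow KDF so the timing gap is visible
HASH_CALLS = {"n": 0}        # instrumentation: how many KDF runs a call performs


def _hash(password: str, salt: bytes) -> bytes:
    HASH_CALLS["n"] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}


# Constructed sample account database (not from the page).
USERS = {
    "alice": make_user("correct horse"),
    "root": make_user("toor"),
}

# Dummy credential that can never match a submitted password; used for
# invalid logins so the server does the same work whether or not the
# account exists (the idea behind the owl-always-auth patch named above).
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash(os.urandom(32).hex(), _DUMMY_SALT)


def vulnerable_auth(user: str, password: str) -> bool:
    """Fails fast for unknown users: no KDF run at all, so the reply comes
    back much sooner than a wrong password for a real account."""
    rec = USERS.get(user)
    if rec is None:
        return False
    return hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"])


def fixed_auth(user: str, password: str, permit_root_login: str = "no") -> bool:
    """Always runs the KDF exactly once. Invalid logins, and root when
    PermitRootLogin is not 'yes', are checked against the dummy credential
    and therefore always fail, but only after the full amount of work."""
    rec = USERS.get(user)
    valid = rec is not None and not (user == "root" and permit_root_login != "yes")
    if valid:
        salt, expected = rec["salt"], rec["hash"]
    else:
        salt, expected = _DUMMY_SALT, _DUMMY_HASH
    matched = hmac.compare_digest(_hash(password, salt), expected)
    return valid and matched


def hash_calls_for(auth, user: str, password: str) -> int:
    """Number of KDF runs triggered by one authentication attempt."""
    before = HASH_CALLS["n"]
    auth(user, password)
    return HASH_CALLS["n"] - before


def time_attempt(auth, user: str, password: str) -> float:
    """Wall-clock seconds for one attempt; this is what a remote attacker sees."""
    start = time.perf_counter()
    auth(user, password)
    return time.perf_counter() - start


if __name__ == "__main__":
    for name, auth in (("vulnerable", vulnerable_auth), ("fixed", fixed_auth)):
        real = time_attempt(auth, "alice", "wrong password")
        fake = time_attempt(auth, "nosuchuser", "wrong password")
        print(f"{name:10s} existing user: {real * 1000:7.1f} ms   "
              f"unknown user: {fake * 1000:7.1f} ms")
```

Running the block prints one line per variant; with the vulnerable function the unknown-user attempt is near zero while the existing-user attempt costs a full KDF run, and with the fixed function both take about the same time. The example only models the password path that the changelog entry covers; any other method that decides early based on account existence (the keyboard-interactive path asked about above, for instance) would need the same treatment.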