Re: Keyboard Interactive Attack?

Thanks for clarification.

One question though:
As far as I have tested openssh, it logs every unsuccessful
authentication attempt at the very moment it becomes unsuccessful, not
after the connection is closed (after a timeout or when reaching the max
auth attempts). Is this true for this attack as well, or not?

Because if it is true, and there is an IDS system that bans an IP after X
failed logins, there should not be any problem. But if logging is
deferred for any reason, then the IDS cannot detect the attack in a timely
manner.



b.


On 23 July 2015 at 01:03, mancha <mancha1@xxxxxxxx> wrote:
> On Wed, Jul 22, 2015 at 07:41:54PM +0000, Scott Neugroschl wrote:
>> I read an article today about keyboard interactive auth allowing
>> bruteforcing.
>>
>> I'm afraid I have minimal understanding of what keyboard-interactive
>> really does.  What does it do, and should I have my clients set it to
>> off in sshd_config?
>
> Hi.
>
> A bug in the keyboard-interactive codebase allows querying a
> keyboard-interactive device more than once per auth request.
>
> By sending a comma-delimited keyboard-interactive device list with
> repeats (e.g. "pam, pam, pam, ..."), one can circumvent an OpenSSH
> server's MaxAuthTries restriction.
>
> That's the crux of the issue.
>
> Attached patch fixes.
>
> --mancha
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
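The two points raised in this thread, the repeated-submethod bypass mancha describes and the per-attempt logging that b. asks about, as an added example that models them in Python. This is not OpenSSH code: the device-list loop, the two log line formats and the client address 203.0.113.7 are constructed for illustration. What it keeps faithful to the protocol is the shape of the request: RFC 4256 lets the client send a comma-separated list of submethods (devices) in the keyboard-interactive userauth request, and MaxAuthTries counts failed requests, not failed prompts. The hardened branch queries each device at most once per request, which is the property the fix has to restore; the exact OpenSSH patch is not reproduced here.

```python
"""Model of the keyboard-interactive MaxAuthTries bypass and per-attempt detection.

Added example, not OpenSSH code. Server loop, log formats and the address
203.0.113.7 are constructed for illustration.
"""
import re
from dataclasses import dataclass, field

MAX_AUTH_TRIES = 6            # sshd_config default
SERVER_DEVICES = ("pam",)     # keyboard-interactive devices the model server offers
SRC = "203.0.113.7"           # constructed client address


@dataclass
class Connection:
    failures: int = 0                     # failed userauth requests (what MaxAuthTries bounds)
    guesses: int = 0                      # passwords actually checked against the backend
    log: list = field(default_factory=list)


def handle_kbdint_request(conn, submethods, answers, check, harden):
    """Process one SSH_MSG_USERAUTH_REQUEST with method keyboard-interactive.

    submethods: client-supplied comma-separated device list (RFC 4256 submethods).
    answers:    iterator yielding the password the client returns to each prompt.
    check:      backend verdict, callable(password) -> bool (stands in for PAM).
    harden:     if True, query each device at most once per request.
    Returns True when the request authenticates the user.
    """
    queried = set()
    for dev in (d.strip() for d in submethods.split(",")):
        if dev not in SERVER_DEVICES or (harden and dev in queried):
            continue                       # unknown device, or already queried (hardened)
        queried.add(dev)
        pw = next(answers, None)
        if pw is None:
            break                          # client has nothing more to try
        conn.guesses += 1
        if check(pw):
            return True
        # Constructed log line, emitted the moment the prompt fails, one per guess.
        conn.log.append(f"error: PAM: Authentication failure for root from {SRC}")
    conn.failures += 1                     # the whole request counts as ONE failure
    conn.log.append(f"Failed keyboard-interactive/pam for root from {SRC} port 51122 ssh2")
    return False


def run_connection(wordlist, repeats, harden, correct="hunter2"):
    """Drive one connection until success or MaxAuthTries is exhausted."""
    conn = Connection()
    answers = iter(wordlist)
    submethods = ",".join(["pam"] * repeats)   # e.g. "pam,pam,pam,..."
    while not handle_kbdint_request(conn, submethods, answers,
                                    lambda p: p == correct, harden):
        if conn.failures >= MAX_AUTH_TRIES:
            conn.log.append("Disconnecting: Too many authentication failures [preauth]")
            break
    return conn


FAIL_RE = re.compile(r"Authentication failure for \S+ from (\S+)")


def sources_to_ban(log_lines, threshold):
    """IDS-style rule: ban a source once it has `threshold` logged failed prompts."""
    counts = {}
    for line in log_lines:
        m = FAIL_RE.search(line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    words = [f"guess{i}" for i in range(1000)]     # constructed wordlist, no hit
    for harden in (False, True):
        c = run_connection(words, repeats=100, harden=harden)
        print(f"harden={harden}: {c.guesses} guesses in {c.failures} failed requests; "
              f"banned at threshold 5: {sources_to_ban(c.log, 5)}")
```

With 100 repeated "pam" entries the unhardened model checks 600 passwords in the 6 requests MaxAuthTries allows, the hardened one 6. The detector only works as b. hopes because the model logs each failed prompt as it happens; if only the per-request "Failed keyboard-interactive/pam" line existed, a threshold of 5 would not fire until the fifth request, by which time hundreds of guesses had already been checked.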


