Bugtraq mailing list archives
Re: OpenSSH/PAM timing attack allows remote users identification
From: Karl-Heinz Haag <k.haag () linux-ag com>
Date: Fri, 2 May 2003 02:56:31 +0200
Quoting Marco Ivaldi (raptor () mediaservice net):
Security Advisory @ Mediaservice.net Srl (#01, 30/04/2003)
Data Security Division

Title: OpenSSH/PAM timing attack allows remote users identification
Application: OpenSSH-portable <= 3.6.1p1
Platform: Linux, maybe others
Description: A remote attacker can identify valid users on vulnerable systems, all PAM-enabled systems are potentially affected
Author: Marco Ivaldi <raptor () mediaservice net>
Contributors: Maurizio Agazzini <inode () mediaservice net>, Solar Designer <solar () openwall com>, Andrea Ghirardini <pila () pilasecurity com>
Vendor Status: OpenSSH team notified on 12/04/2003, vendor-sec list notified on 28/04/2003
CVE Candidate: The Common Vulnerabilities and Exposures project has assigned the name CAN-2003-0190 to this issue.
References:
http://lab.mediaservice.net/advisory/2003-01-openssh.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0190

1. Abstract.

During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM support enabled (via the --with-pam configure script switch). This bug allows a remote attacker to identify valid users on vulnerable systems, through a simple timing attack. The vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation.

2. Example Attack Session.

root@voodoo:~# ssh [valid_user]@lab.mediaservice.net
[valid_user]@lab.mediaservice.net's password: <- arbitrary (non-null) string
[2 secs delay]
Permission denied, please try again.

root@voodoo:~# ssh [no_such_user]@lab.mediaservice.net
[no_such_user]@lab.mediaservice.net's password: <- arbitrary (non-null) string
[no delay]
Permission denied, please try again.

4. Fix.
The "Fix" is to encourage all users/admins of OpenSSH to _only_ work with key authentication (preferably only ssh2 protocol) on all ssh servers.

Switch the default:

    PasswordAuthentication yes

Into:

    PasswordAuthentication no

in sshd_config.

In combination with the default "RSAAuthentication yes" it results in:

,--------
| kh@i4x:~$ ssh dodo@i4x        <- dodo=no_such_user
| [no delay]
| Permission denied (publickey).
`--------

The same as:

,--------
| kh@i4x:~$ ssh root@i4x
| [no delay]
| Permission denied (publickey).
`--------

That would be my 2 cents.

Karl-Heinz
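As an added example (not part of this thread and not OpenSSH's own code), the following Python audit reads an sshd_config the way sshd does (comment and blank lines skipped, keywords case-insensitive, the first occurrence of a keyword wins, settings after a Match line are conditional) and reports whether password-style logins are still reachable. It checks PasswordAuthentication as suggested above and, because on a PAM-enabled build the keyboard-interactive method can still hand a password prompt to PAM, also ChallengeResponseAuthentication (called KbdInteractiveAuthentication in newer OpenSSH), plus PubkeyAuthentication, the protocol-2 counterpart of RSAAuthentication. The two sample configurations are constructed for the example.

```python
"""Audit an sshd_config for settings that still allow password-style logins."""
import re

# Values sshd applies when a keyword is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "pubkeyauthentication": "yes",
}

# sshd_config accepts "Keyword value", "Keyword=value" and "Keyword = value".
_LINE = re.compile(r"^([A-Za-z0-9]+)\s*(?:=|\s)\s*(.*)$")


def parse_sshd_config(text):
    """Return the effective global settings as {lowercase keyword: value}.

    Only the global section is considered: parsing stops at the first
    'Match' line, since everything after it applies conditionally.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments and blank lines
        m = _LINE.match(line)
        if not m:
            continue  # keyword without a value; sshd itself would reject it
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            break
        effective.setdefault(keyword, value)  # first occurrence wins
    return effective


def audit_sshd_config(text):
    """Return a list of findings; an empty list means only key auth is offered."""
    cfg = parse_sshd_config(text)

    def setting(key):
        return cfg.get(key, DEFAULTS[key]).lower()

    findings = []
    if setting("passwordauthentication") != "no":
        findings.append("PasswordAuthentication is effectively 'yes'; set it to 'no'")
    if setting("challengeresponseauthentication") != "no":
        findings.append("ChallengeResponseAuthentication is effectively 'yes'; "
                        "PAM can still prompt for a password via keyboard-interactive")
    if setting("pubkeyauthentication") != "yes":
        findings.append("PubkeyAuthentication is disabled; key-only login would lock everyone out")
    return findings


# Constructed sample: a stock-looking config where the password option is
# only present as a comment, so the default 'yes' applies.
WEAK_CONFIG = """
Port 22
Protocol 2
#PasswordAuthentication no
RSAAuthentication yes
"""

# Constructed sample: hardened global section. The later duplicate
# 'PasswordAuthentication yes' is ignored because the first occurrence wins,
# and the setting inside the Match block is conditional, so it is not counted.
HARDENED_CONFIG = """
Port 22
Protocol 2
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name + ":", audit_sshd_config(cfg) or ["ok"])
```

On a live host the same function can be fed the contents of /etc/ssh/sshd_config; Match blocks are deliberately left to a manual review, since their settings depend on who is connecting.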