Bugtraq mailing list archives

Re: OpenSSH/PAM timing attack allows remote users identification


From: Karl-Heinz Haag <k.haag () linux-ag com>
Date: Fri, 2 May 2003 02:56:31 +0200

Quoting Marco Ivaldi (raptor () mediaservice net):

Security Advisory                                     @ Mediaservice.net Srl
(#01, 30/04/2003)                                     Data Security Division

         Title:       OpenSSH/PAM timing attack allows remote users identification
   Application:       OpenSSH-portable <= 3.6.1p1
      Platform:       Linux, maybe others
   Description:       A remote attacker can identify valid users on vulnerable
              systems, all PAM-enabled systems are potentially affected
        Author:       Marco Ivaldi <raptor () mediaservice net>
  Contributors: Maurizio Agazzini <inode () mediaservice net>,
              Solar Designer <solar () openwall com>,
              Andrea Ghirardini <pila () pilasecurity com>
 Vendor Status: OpenSSH team notified on 12/04/2003,
              vendor-sec list notified on 28/04/2003
 CVE Candidate: The Common Vulnerabilities and Exposures project has assigned
              the name CAN-2003-0190 to this issue.
    References: http://lab.mediaservice.net/advisory/2003-01-openssh.txt
              http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0190

1. Abstract.

During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM
support enabled (via the --with-pam configure script switch). This bug allows a 
remote attacker to identify valid users on vulnerable systems, through a simple
timing attack. The vulnerability is easy to exploit and may have high severity,
if combined with poor password policies and other security problems that allow 
local privilege escalation.

2. Example Attack Session.

root@voodoo:~# ssh [valid_user]@lab.mediaservice.net
[valid_user]@lab.mediaservice.net's password: <- arbitrary (non-null) string
[2 secs delay]
Permission denied, please try again.

root@voodoo:~# ssh [no_such_user]@lab.mediaservice.net
[no_such_user]@lab.mediaservice.net's password:       <- arbitrary (non-null) string
[no delay]
Permission denied, please try again.

4. Fix.


The "Fix" is to encourage all users/admins of OpenSSH to _only_ work
with key authentication (preferably only the ssh2 protocol) on all ssh servers.


Switch the default: 
PasswordAuthentication yes

Into: 
PasswordAuthentication no

in sshd_config

In combination with the default "RSAAuthentication yes" it results in: 

,--------
|       kh@i4x:~$ ssh dodo@i4x          <-dodo=no_such_user
|       [no delay]
|       Permission denied (publickey).
`--------

The same as: 
,--------
|       kh@i4x:~$ ssh root@i4x
|       [no delay]
|       Permission denied (publickey).
`--------

That would be my 2Cent. 

Karl-Heinz
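As an added example (not part of this mail or of OpenSSH itself): a POSIX shell audit of an sshd_config for the PasswordAuthentication setting recommended above, mirroring sshd's own parsing rules (keywords are case-insensitive, the first occurrence wins, values inside a Match block are conditional). The two sample configs and their host names are constructed for the demonstration.

```shell
#!/bin/sh
# Audit an sshd_config for the effective global PasswordAuthentication value.
# sshd rules mirrored here: case-insensitive keywords, "#" comment lines,
# "keyword=value" accepted, FIRST occurrence wins, and values inside a
# "Match" block apply only conditionally, so they are not the global setting.
password_auth_effective() {
    # $1 = path to an sshd_config; prints "yes" or "no" (sshd default is yes)
    awk '
        {
            line = $0
            gsub(/=/, " ", line)                 # keyword=value -> keyword value
            n = split(line, f)
            if (n < 1) next                      # blank line
            key = tolower(f[1])
            if (key ~ /^#/) next                 # comment line
            if (key == "match") { in_match = 1; next }
            if (in_match) next                   # Match-scoped, not global
            if (key == "passwordauthentication" && !seen) {
                seen = 1; val = tolower(f[2])    # first occurrence wins
            }
        }
        END { if (seen) print val; else print "yes" }
    ' "$1"
}
# Exit status 0 only when password logins are off (key-only, as recommended).
check_sshd_config() {
    [ "$(password_auth_effective "$1")" = "no" ]
}
# Constructed sample configs (hypothetical hosts, not from the advisory).
WEAK=$(mktemp); HARD=$(mktemp)
trap 'rm -f "$WEAK" "$HARD"' EXIT
cat > "$WEAK" <<'EOF'
# PasswordAuthentication no      commented out, so it does not count
Port 22
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no    # conditional, not the global value
EOF
cat > "$HARD" <<'EOF'
Protocol 2
PasswordAuthentication=no
PasswordAuthentication yes       # ignored: first occurrence wins
EOF
for cfg in "$WEAK" "$HARD"; do
    printf '%s -> PasswordAuthentication %s\n' "$cfg" "$(password_auth_effective "$cfg")"
done
```

Run it against a real file with `check_sshd_config /etc/ssh/sshd_config` to get a pass/fail exit status for scripts.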
