Full Disclosure mailing list archives
Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass)
From: Reed Loden <reed () reedloden com>
Date: Sat, 18 Jul 2015 14:23:40 -0700
On Friday, July 17, 2015, <devel () roosoft ltd uk> wrote:
Do you know if this is still affected if you have fail2ban in place. Fail2ban uses the auth logs to monitor failed password attempts. I assume that the auth log is still updated even if x number of attempts is allowed. Thanks
http://www.reddit.com/r/netsec/comments/3dnzcq/openssh_keyboardinteractive_authentication_brute/ct726ni goes over this question pretty well, so as not to rehash everything. ~reed _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) king cope (Jul 17)
- Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) devel (Jul 18)
- Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) Reed Loden (Jul 18)
- Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) Dirk-Willem van Gulik (Jul 21)
- Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) Reed Loden (Jul 18)
- Re: OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) devel (Jul 18)