oss-sec mailing list archives

Re: About OpenSSH "user enumeration" / CVE-2018-15473


From: Damien Miller <djm () mindrot org>
Date: Sun, 26 Aug 2018 18:04:50 +1000 (AEST)

On Sat, 25 Aug 2018, Solar Designer wrote:

> This could mean an extra getpwnam(3) call, which is a slightly greater
> timing leak than what's present in one call. That may be further
> mitigated by always doing two calls. Of course, this won't be anywhere
> near timing-safe anyway.
>
> Now, it can be tricky to pick a specific fallback username in
> OpenSSH-portable that we'd be OK with all non-existent usernames to
> behave similarly to. "root" may somewhat likely have an unusual password
> hash (like it historically did on OpenBSD); "nobody" likely has its
> password locked (but maybe that's OK - it is in fact common for SSH
> users to have only public keys set up, and no passwords). Maybe there
> should be a way to override this dummy username in sshd_config.

That sounds like a fair amount of complexity in return for scant
benefit: at best you dodge a few (IMO uninteresting) bugs, but now you
are guaranteed to have all your authz code exposed to the attacker.

Moreover, using a "real fake" account gives a timing / system behaviour
baseline too. It might be harder to discern, but techniques for making
remote observations of subtle system side-channels are scarily
well-developed, and I'm sure that it would be pretty easy to spot if people
applied them.

-d
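As an added illustration of the fallback-record approach the thread debates (example code, not OpenSSH's own; the fallback name, the placeholder record fields and the helper names are my own assumptions):

```c
#include <pwd.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Synthetic record handed back when neither the requested user nor the
 * configured fallback account exists. Every field is a placeholder; the
 * locked hash "*" can never match a password, so authentication still
 * fails, but the downstream code has a record to work with. */
static struct passwd fake_pw;

static struct passwd *synthetic_record(void)
{
    memset(&fake_pw, 0, sizeof(fake_pw));
    fake_pw.pw_name   = "NOUSER";        /* placeholder, not a real account */
    fake_pw.pw_passwd = "*";             /* locked: no password hashes to this */
    fake_pw.pw_uid    = (uid_t)-1;
    fake_pw.pw_gid    = (gid_t)-1;
    fake_pw.pw_dir    = "/nonexistent";
    fake_pw.pw_shell  = "/nonexistent";
    return &fake_pw;
}

/* Resolve a login name without ever returning NULL.
 *   1. getpwnam(user)          - the real lookup
 *   2. getpwnam(fallback_name) - the "real fake" account idea from the thread
 *      (an extra getpwnam call, which is itself a small timing difference)
 *   3. synthetic_record()      - last resort if the fallback is missing too
 * *valid is 1 only for case 1. The caller must run every authentication
 * step before consulting *valid: an early exit on an unknown name is the
 * very enumeration signal this is meant to hide. */
struct passwd *lookup_or_fake(const char *user, const char *fallback_name,
                              int *valid)
{
    struct passwd *pw = getpwnam(user);
    if (pw != NULL) {
        *valid = 1;
        return pw;
    }
    *valid = 0;
    if (fallback_name != NULL) {
        pw = getpwnam(fallback_name);
        if (pw != NULL)
            return pw;
    }
    return synthetic_record();
}
```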

