Info
Last Modified: 7 months ago

Description
OpenSSH, when deployed under specific but not fully researched conditions, is prone to a remote information disclosure weakness. The issue likely occurs when manually set shadowed passwords are used, which causes OpenSSH to spend extra time during the authentication sequence. A remote attacker may be able to use this timing discrepancy to determine which accounts are valid.

Classification
Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available

Technical
After the issue was disclosed, several researchers could not reproduce it on a variety of platforms. At present, the published research suggests this issue may only manifest on specific platforms and/or depend on system-specific settings such as manually set passwords.

Solution
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products
OpenSSH 4.1

Credit
- Marco Ivaldi - raptor
0xdeadbeef.info - Antifork Research, Inc.