From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)

Description of problem:
With openssh configured to not allow remote root login (file: /etc/ssh/sshd_config, PermitRootLogin no), an attempt to log in remotely as root with the wrong password results in a 3 second delay followed by:
Permission denied, please try again.
If the correct password is entered, there is no delay before presenting the message:
Permission denied, please try again.
An attacker could measure the time between rejections with an attack tool and determine the root password.

Version-Release number of selected component (if applicable):
3.1p1-14

How reproducible:
Always

Steps to Reproduce:
1. Set "PermitRootLogin no" in /etc/ssh/sshd_config
2. Restart sshd: service sshd restart
3. From remote machine, attempt remote login to server. Alternately, ssh localhost.
4. Enter bogus password - view error after 3 seconds.
5. Enter correct password - view error immediately with no delay.

Actual Results:
no delay presented when correct password is entered

Expected Results:
3 second delay before presenting "Permission denied, please try again."

Additional info:
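As an added example (a constructed model, not OpenSSH's code and not part of this report), the two decision orderings the report describes side by side: the vulnerable ordering, where the PermitRootLogin check runs only after the password has already been verified and rejects without the failure delay, and the hardened ordering, where a policy denial takes the same delayed failure path as a wrong password, so the response time no longer reveals whether the password was correct. ROOT_PASSWORD, FAIL_DELAY_SECONDS and the function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <string.h>

/* Constructed model of sshd's password-auth decision for this bug; not OpenSSH code. */
#define FAIL_DELAY_SECONDS 3                 /* the 3 second delay from the report */
static const char *ROOT_PASSWORD = "constructed-root-secret";  /* constructed sample */
static const bool permit_root_login = false; /* PermitRootLogin no */

struct outcome {
    bool allowed;       /* would the login be accepted */
    int delay_seconds;  /* delay a real server would sleep() before answering */
};

/* Only the root account is modelled; any other user fails the password check. */
static bool password_matches(const char *user, const char *pw) {
    if (strcmp(user, "root") != 0) return false;
    return strcmp(pw, ROOT_PASSWORD) == 0;
}

static bool root_policy_denies(const char *user) {
    return strcmp(user, "root") == 0 && !permit_root_login;
}

/* Vulnerable ordering: the failure delay is tied only to a password mismatch.
 * A correct root password passes that check and is then rejected by the
 * PermitRootLogin policy with no delay, so timing leaks the password's validity. */
struct outcome auth_vulnerable(const char *user, const char *pw) {
    struct outcome o = { false, 0 };
    if (!password_matches(user, pw)) {
        o.delay_seconds = FAIL_DELAY_SECONDS;
        return o;
    }
    if (root_policy_denies(user)) return o;  /* immediate rejection: the leak */
    o.allowed = true;
    return o;
}

/* Hardened ordering: policy denial is folded into the same failure path as a
 * bad password, so every rejection carries the same delay. The password check
 * still runs so the amount of work is the same on both failure paths. */
struct outcome auth_fixed(const char *user, const char *pw) {
    struct outcome o = { false, 0 };
    bool pw_ok = password_matches(user, pw);
    if (root_policy_denies(user) || !pw_ok) {
        o.delay_seconds = FAIL_DELAY_SECONDS;
        return o;
    }
    o.allowed = true;
    return o;
}
```

The model returns the delay a server would apply instead of sleeping, so the two orderings can be compared directly; in a real daemon the delay_seconds value is what sleep() would be called with before the "Permission denied" reply.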
This issue affects RHEL3 and RHEL2.1.
Back-envelope estimates seem to show that with a 3 second delay between trials a dictionary attack of the sort described will get to perform, in optimal conditions, something between 2500 and 3000 probes per 24 hours. If an attack with such rate against any password, not mentioning the one for root, has realistic chances to succeed then the system in question has much more serious problems to worry about. Not that this is not a hole but just to keep things in proportion.
A fix for this minor issue will be included in RHSA-2005:106 scheduled for inclusion in Update 5.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-106.html