Bug 141642 - SSH allows attacker to divine root password
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: openssh
Platform: i386 Linux
Priority: medium  Severity: low
Assigned To: Tomas Mraz
Keywords: Security
Reported: 2004-12-02 12:52 EST by George Toft
Modified: 2007-11-30 17:07 EST
Last Closed: 2005-05-18 09:48:34 EDT
Description George Toft 2004-12-02 12:52:00 EST
Description of problem:
With openssh configured to not allow remote root login 
(file: /etc/ssh/sshd_config, PermitRootLogin no), an attempt to log 
in remotely as root with the wrong password results in a 3 second 
delay followed by:
Permission denied, please try again.

If the correct password is entered, there is no delay before 
presenting the message:
Permission denied, please try again.

An attacker could measure the time between rejections with an attack 
tool and determine the root password.

Steps to Reproduce:
1. Set "PermitRootLogin no" in /etc/ssh/sshd_config
2. Restart sshd: service sshd restart
3. From remote machine, attempt remote login to server.  Alternately, 
ssh localhost.
4. Enter bogus password - view error after 3 seconds.
5. Enter correct password - view error immediately with no delay.


Actual Results:  no delay presented when correct password is entered

Expected Results:  3 second delay before presenting "Permission 
denied, please try again."

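The oracle the report describes, modelled in Python as an added example (this is not code from the bug, from the RHSA, or from OpenSSH itself). The "vulnerable" function reproduces the reported behaviour: the password is verified first and the 3 second failure delay is tied to a wrong password, so a correct root password is refused by the PermitRootLogin check with no delay at all. The "fixed" function is the property the Expected Results ask for, every refusal pays the same delay, not the actual change shipped in RHSA-2005:106, which this page does not show. Function names, the credential store and the wordlist are constructed for illustration; delays are returned as numbers instead of slept so the example runs instantly.

```python
"""Model of the sshd timing oracle from this report, with an attacker-side
classifier that turns the delay difference into a password check."""
import hmac
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

FAIL_DELAY = 3.0  # seconds: the delay observed in the report after a wrong password

# Constructed sample credential store (plain strings, illustration only; not real accounts).
_USERS = {"root": "s3cret", "alice": "hunter2"}


@dataclass
class AuthResult:
    allowed: bool
    delay: float  # seconds the server pauses before answering


def _password_ok(user: str, password: str) -> bool:
    return hmac.compare_digest(_USERS.get(user, ""), password)


def vulnerable_auth(user: str, password: str) -> AuthResult:
    """Behaviour as reported: the failure delay is tied to a wrong password, and the
    PermitRootLogin check that refuses root afterwards carries no delay of its own."""
    if not _password_ok(user, password):
        return AuthResult(False, FAIL_DELAY)
    if user == "root":                      # PermitRootLogin no
        return AuthResult(False, 0.0)       # refused with no delay: the oracle
    return AuthResult(True, 0.0)


def fixed_auth(user: str, password: str) -> AuthResult:
    """Hardened model: the password is still verified, and every refusal, whatever
    its reason, pays the same delay, so timing no longer distinguishes a right
    root password from a wrong one."""
    password_ok = _password_ok(user, password)
    if user == "root" or not password_ok:   # PermitRootLogin no, or bad password
        return AuthResult(False, FAIL_DELAY)
    return AuthResult(True, 0.0)


def looks_correct(delay: float, threshold: float = FAIL_DELAY / 2) -> bool:
    """Attacker-side classifier: a refusal that came back well under the failure
    delay is read as 'right password, login policy refused it'."""
    return delay < threshold


def timing_dictionary_attack(auth: Callable[[str, str], AuthResult],
                             user: str, wordlist: Iterable[str]) -> Optional[str]:
    """Try each candidate in turn and return the first one the timing oracle flags
    as correct, or None if the server gives nothing away."""
    for candidate in wordlist:
        result = auth(user, candidate)
        if not result.allowed and looks_correct(result.delay):
            return candidate
    return None


if __name__ == "__main__":
    words = ["password", "123456", "s3cret", "letmein"]   # constructed wordlist
    print("vulnerable:", timing_dictionary_attack(vulnerable_auth, "root", words))  # s3cret
    print("fixed:     ", timing_dictionary_attack(fixed_auth, "root", words))       # None
```

Against the vulnerable model the attacker never needs a successful login: the one candidate that is refused without the delay is the root password. Against the fixed model every candidate is refused after the same delay and the classifier learns nothing. On a real host the measurement would be the wall-clock time between sending the password and receiving "Permission denied", with a threshold well below 3 seconds to absorb network jitter.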
Comment 1 Josh Bressers 2004-12-02 16:10:13 EST
This issue affects RHEL3 and RHEL2.1.
Comment 2 Michal Jaegermann 2004-12-08 13:22:58 EST
Back-envelope estimates seem to show that with a 3 second delay
between trials a dictionary attack of the sort described will
get to perform, in optimal conditions, something between 2500
and 3000 probes per 24 hours.  If an attack with such rate against
any password, not mentioning the one for root, has realistic chances
to succeed then the system in question has much more serious
problems to worry about.

Not that this is not a hole, but just to keep things in proportion.
Comment 3 Mark J. Cox (Product Security) 2005-03-21 11:39:20 EST
A fix for this minor issue will be included in RHSA-2005:106 scheduled for
inclusion in Update 5.
Comment 4 Tim Powers 2005-05-18 09:48:34 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.