Bug 146882 - SSH allows attacker to divine root password
SSH allows attacker to divine root password
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: openssh (Show other bugs)
i386 Linux
medium Severity low
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
: Security
Depends On:
  Show dependency treegraph
Reported: 2005-02-02 09:52 EST by Tomas Mraz
Modified: 2007-11-30 17:06 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-06-02 10:31:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tomas Mraz 2005-02-02 09:52:39 EST
*** This bug has been split off bug 141642 for RHEL2.1 ***

------- Original comment by George Toft on 2004.12.02 12:52 -------

From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET 
CLR 1.1.4322)

Description of problem:
With openssh configured to not allow remote root login 
(file: /etc/ssh/sshd_config, PermitRootLogin no), an attempt to log 
in remotely as root with the wrong password results in a 3 second 
delay followed by:
Permission denied, please try again.

If the correct password is entered, there is no delay before 
presenting the message:
Permission denied, please try again.

An attacker could measure the time between rejections with an attack 
tool and determine the root password.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Set "PermitRootLogin no" in /etc/ssh/sshd_config
2. Restart sshd: service sshd restart
3. From remote machine, attempt remote login to server.  Alternately, 
ssh localhost.
4. Enter bogus password - view error after 3 seconds.
5. Enter correct password - view error immediately with no delay.


Actual Results:  no delay presented when correct password is entered

Expected Results:  3 second delay before presenting "Permission 
denied, please try again."

Additional info:
Comment 1 Josh Bressers 2005-06-02 10:31:30 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.