Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 146882 - SSH allows attacker to divine root password
SSH allows attacker to divine root password
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: openssh (Show other bugs)
2.1
i386 Linux
medium Severity low
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
impact=low,public=20041130
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-02 09:52 EST by Tomas Mraz
Modified: 2007-11-30 17:06 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-06-02 10:31:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:481 normal SHIPPED_LIVE Low: openssh security update 2005-06-02 00:00:00 EDT

  None (edit)
Description Tomas Mraz 2005-02-02 09:52:39 EST 
*** This bug has been split off bug 141642 for RHEL2.1 ***

------- Original comment by George Toft on 2004.12.02 12:52 -------

From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET 
CLR 1.1.4322)

Description of problem:
With openssh configured to not allow remote root login 
(file: /etc/ssh/sshd_config, PermitRootLogin no), an attempt to log 
in remotely as root with the wrong password results in a 3 second 
delay followed by:
Permission denied, please try again.

If the correct password is entered, there is no delay before 
presenting the message:
Permission denied, please try again.

An attacker could measure the time between rejections with an attack 
tool and determine the root password.



Version-Release number of selected component (if applicable):
3.1p1-14

How reproducible:
Always

Steps to Reproduce:
1. Set "PermitRootLogin no" in /etc/ssh/sshd_config
2. Restart sshd: service sshd restart
3. From remote machine, attempt remote login to server.  Alternately, 
ssh localhost.
4. Enter bogus password - view error after 3 seconds.
5. Enter correct password - view error immediately with no delay.

    

Actual Results:  no delay presented when correct password is entered

Expected Results:  3 second delay before presenting "Permission 
denied, please try again."

Additional info:
Comment 1 Josh Bressers 2005-06-02 10:31:30 EDT 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-481.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.