1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Bug exposes OpenSSH servers to brute-force password guessing attacks

Discussion in 'Network World' started by RSS, Jul 22, 2015.

  1. RSS

    RSS New Member Member

    A bug in OpenSSH, the most popular software for secure remote access to UNIX-based systems, could allow attackers to bypass authentication retry restrictions and execute many password guesses.

    A security researcher who uses the online alias Kingcope disclosed the issue on his blog last week, but he only requested a public vulnerability ID to be assigned Tuesday.

    By default, OpenSSH servers allow six authentication retries before closing a connection and the OpenSSH client allows three incorrect password entries, Kingcope said.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page