[33722] in bugtraq

home help back first fref pref prev next nref lref last post

Re: AIX password enumeration possible

daemon@ATHENA.MIT.EDU (Sven Specker)
Mon Feb 16 01:58:20 2004

Date: Thu, 12 Feb 2004 11:01:10 +0100
From: Sven Specker <specker@rz.uni-frankfurt.de>
To: Scott J <mrbinary@yahoo.com>
Cc: specker@rz.uni-frankfurt.de, bugtraq@securityfocus.com
Message-Id: <20040212110110.5b3572ba.specker@rz.uni-frankfurt.de>
In-Reply-To: <20040206115118.31984.qmail@www.securityfocus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Tested with AIX 5.1 ML05, Commercial SSH v3.2.2

Known account on yyyy set to rlogin=false, ssh allows only 1 connection attempt before error.


Case 1: Incorrect Password given.

user@xxxx:> ssh yyyy
user's password: 
warning: Authentication failed.
Disconnected; no more authentication methods available (No further authentication methods available.).


Case 2: Correct Password given.

user@xxxx:> ssh yyyy
user's password: 
warning: Authentication failed.
Disconnected; no more authentication methods available (No further authentication methods available.).


It seems as if the commercial ssh behaves differently and uses it's own messages. All r-services and telnet are no longer existant on our systems, so it appears to me that the easiest solution would be to use the commercial ssh and dump the r-services. That's seems the best way for ppl who are eligible to use the source release of the commercial ssh. 

Regards,

Sven Specker

-- 
__________________________________________________________________
*** Sven Specker -- University of Frankfurt Computing Center   ***
************ UNIX System Administration (NIM/Security) ***********
***** specker@rz.uni-frankfurt.de [Phone (+49)-69-798-25188] *****
******************************************************************
__________________________________________________________________		
		Johann Wolfgang Goethe Universitaet
 		- Hochschulrechenzentrum -
 		Senckenberganlage 31-33

 		D-60054 Frankfurt/Main
__________________________________________________________________
______________ TeX-users do it in {groups}________________________
home help back first fref pref prev next nref lref last post