[5224] in testers


Re: sshd uses wrong replay cache for version 1

daemon@ATHENA.MIT.EDU (John Hawkinson)
Tue Jun 11 18:03:14 2002

Date: Tue, 11 Jun 2002 18:03:11 -0400
From: John Hawkinson <jhawk@MIT.EDU>
To: Sam Hartman <hartmans@MIT.EDU>
Cc: testers@MIT.EDU
Message-ID: <20020611220311.GB21753@multics.mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020611171950.814D4151FEF@industrial-algebra.mit.edu>

Sam Hartman <hartmans@MIT.EDU> wrote on Tue, 11 Jun 2002
at 13:19:50 -0400 in <20020611171950.814D4151FEF@industrial-algebra.mit.edu>:

> 
> At first I thought this could be exploited on systems with unencrypted
> rlogin enabled in order to gain rlogin access by sniffing the
> authenticators sent over the ssh session.  However, it turns out that
> since the Kerberos exchange is encrypted within the ssh session for
> version 1, I cannot think of a way to exploit this.

Isn't the kerberos exchange only encrypted for one of {openssh | ssh.com}?

--jhawk
