Yet another OpenSSH bug just discovered

Status
Not open for further replies.
S

soccer97

Level 11
Thread author
Verified
May 22, 2014
517
Content source
http://www.welivesecurity.com/2015/07/23/open-ssh-bug-opens-brute-force-attack-window/?utm_source=wls&utm_medium=twitter&utm_campaign=news
A new bug in Open SSH allows attackers to brute force attack Windows by having 2 minutes to use as many passwords as possibly, instead of being locked out at 6 or 8. I am not sure of the criticality of this bulletin, but is likely to affect multiple products.

Source: http://www.welivesecurity.com/2015/...urce=wls&utm_medium=twitter&utm_campaign=news (ESET's Blog).

I will try to leave the comments open for further interpretation.
 
  • Like
Reactions: Logethica
Enju

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
soccer97 said:
A new bug in Open SSH allows attackers to brute force attack Windows by having 2 minutes to use as many passwords as possibly, instead of being locked out at 6 or 8. I am not sure of the criticality of this bulletin, but is likely to affect multiple products.
Click to expand...
It doesn't allow to brute force Windows but instead Secure Shell (SSH) which is commonly used for administrative tasks on servers, tunneling and so on.
No important servers should be at risk since every competent administator uses a ssh key instead of a password (or not :p)...
 
S

soccer97

Level 11
Thread author
Verified
May 22, 2014
517
Enju said:
It doesn't allow to brute force Windows but instead Secure Shell (SSH) which is commonly used for administrative tasks on servers, tunneling and so on.
No important servers should be at risk since every competent administator uses a ssh key instead of a password (or not :p)...
Click to expand...

Ah, SSH'ing. I remember now back from school. We had fileshares and if we had permission and the need, we were allowed to SSH into the network for projects, etc.

We didn't have Admin privileges though.
 
  • Like
Reactions: Logethica
Status
Not open for further replies.

Similar threads

MuzzMelbourne
    • Like
Microsoft: Hackers hijack Linux systems using trojanized OpenSSH version
Replies
0
Views
1,024
News Archive
MuzzMelbourne
MuzzMelbourne
Gandalf_The_Grey
    • Like
    • +Reputation
New 'Looney Tunables' Linux bug gives root on major distros
Replies
2
Views
1,110
News Archive
nicolaasjan
nicolaasjan
I
    • Like
Security News Microsoft explains how Russian hackers spied on its executives
Replies
1
Views
1,033
Security News
Vitali Ortzi
Vitali Ortzi

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top