Yet another OpenSSH bug just discovered

Status
Not open for further replies.
S

soccer97

Level 11
Thread author
Verified
Forum Veteran
May 22, 2014
516
766
967
Content source
http://www.welivesecurity.com/2015/07/23/open-ssh-bug-opens-brute-force-attack-window/?utm_source=wls&utm_medium=twitter&utm_campaign=news
A new bug in Open SSH allows attackers to brute force attack Windows by having 2 minutes to use as many passwords as possibly, instead of being locked out at 6 or 8. I am not sure of the criticality of this bulletin, but is likely to affect multiple products.

Source: http://www.welivesecurity.com/2015/...urce=wls&utm_medium=twitter&utm_campaign=news (ESET's Blog).

I will try to leave the comments open for further interpretation.
 
  • Like
Reactions: Logethica
soccer97 said:
A new bug in Open SSH allows attackers to brute force attack Windows by having 2 minutes to use as many passwords as possibly, instead of being locked out at 6 or 8. I am not sure of the criticality of this bulletin, but is likely to affect multiple products.
Click to expand...
It doesn't allow to brute force Windows but instead Secure Shell (SSH) which is commonly used for administrative tasks on servers, tunneling and so on.
No important servers should be at risk since every competent administator uses a ssh key instead of a password (or not :p)...
 
Enju said:
It doesn't allow to brute force Windows but instead Secure Shell (SSH) which is commonly used for administrative tasks on servers, tunneling and so on.
No important servers should be at risk since every competent administator uses a ssh key instead of a password (or not :p)...
Click to expand...

Ah, SSH'ing. I remember now back from school. We had fileshares and if we had permission and the need, we were allowed to SSH into the network for projects, etc.

We didn't have Admin privileges though.
 
  • Like
Reactions: Logethica
Status
Not open for further replies.

You may also like...