An Interest In:
Web News this Week
- March 17, 2024
- March 16, 2024
- March 15, 2024
- March 14, 2024
- March 13, 2024
- March 12, 2024
- March 11, 2024
July 22, 2015 08:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/kSwxsGmm7ho/bug-exposes-openssh-servers-to-brute-force-password-guessing-attacks
Bug Exposes OpenSSH Servers To Brute-Force Password Guessing Attacks
itwbennett writes: OpenSSH servers with keyboard-interactive authentication enabled, which is the default setting on many systems, including FreeBSD ones, can be tricked to allow many authentication retries over a single connection, according to a security researcher who uses the online alias Kingcope, who disclosed the issue on his blog last week. According to a discussion on Reddit, setting PasswordAuthentication to 'no' in the OpenSSH configuration and using public-key authentication does not prevent this attack, because keyboard-interactive authentication is a different subsystem that also relies on passwords.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/kSwxsGmm7ho/bug-exposes-openssh-servers-to-brute-force-password-guessing-attacks
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot