vulnerability announce CVE-2009-1273

pam_ssh: user detection

Synthesis of the vulnerability

An attacker can detect if a username is valid by looking at the pam_ssh prompt.

Severity: 1/4. Creation date: 01/04/2009.

Impacted products

• Fedora
• Unix - plateform

Description of the vulnerability

The pam_ssh PAM module handles the authentication using the SSH protocol. When an attacker enters a valid username, pam_ssh displays "SSH passphrase". When an attacker enters an invalid username, pam_ssh displays "Password". An attacker can therefore use a brute force attack to detect valid usernames.

Share this bulletin

Complete Vigil@nce bulletin

pam_ssh: user detection

Characteristics

Title: pam_ssh: user detection. Keywords: PAM Password SSH detection pam_ssh user. Identifiers: 263579, 492153, CVE-2009-1273, FEDORA-2009-3500, FEDORA-2009-3627, VIGILANCE-VUL-8587.

Information sources

Publications and announces Source example: Bug 263579 - ssh service exploitable if pam compiled with USE=ssh (usernames can be verified)

Solutions for this vulnerability

Patch or workaround

Supplements

Attack Exploit 0day or proof of concept

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerability management. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.