The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
OpenSSH: bypassing MaxAuthTries via KbdInteractiveDevices
Synthesis of the vulnerability
An attacker can bypass the MaxAuthTries directive of OpenSSH, in order to perform a brute force attack.
Vulnerable software: Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, McAfee NSP, McAfee Web Gateway, Data ONTAP, OpenSSH, Oracle Communications, Solaris, pfSense, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity of this announcement: 2/4.
Consequences of an intrusion: user access/rights.
Attacker's origin: intranet client.
Creation date: 20/07/2015.
References of this computer vulnerability: 9010048, bulletinoct2015, CERTFR-2015-AVI-431, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cpujul2018, CVE-2015-5600, DLA-1500-1, DLA-1500-2, FEDORA-2015-11981, FEDORA-2015-13469, FreeBSD-SA-15:16.openssh, JSA10697, JSA10774, JSA10840, K17113, NTAP-20151106-0001, RHSA-2015:2088-06, RHSA-2016:0466-01, SB10157, SB10164, SOL17113, SUSE-SU-2015:1581-1, SYMSA1337, USN-2710-1, USN-2710-2, VIGILANCE-VUL-17455.
Description of the vulnerability
The OpenSSH server uses the MaxAuthTries configuration directive to define the maximum number of authentication attempts allowed during one session.
The OpenSSH client uses the KbdInteractiveDevices option to define the list of keyboard-interactive authentication devices it requests.
However, if the client requests "KbdInteractiveDevices=pam,pam,pam,etc.", the server runs through each listed device in turn, so the MaxAuthTries limit is effectively multiplied by the number of repetitions. The only remaining limit is then LoginGraceTime (10 minutes by default).
An attacker can therefore bypass the MaxAuthTries directive of OpenSSH, in order to perform a brute force attack.
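The following Python script is an added defender-side example, not part of the Vigil@nce bulletin or of OpenSSH itself. It shows two checks a practitioner would want for this vulnerability: `find_maxauthtries_bypass` groups sshd "Failed keyboard-interactive/pam ..." log lines by the sshd child PID (one child per connection) and flags any single connection whose failure count exceeds MaxAuthTries, which is exactly the symptom of the bypass described above; `audit_sshd_config` reads a global-only sshd_config fragment (Match blocks are not handled, an assumption of this simplified parser) and reports whether keyboard-interactive authentication is still enabled and whether MaxAuthTries and LoginGraceTime are set explicitly. The log lines and config fragments are constructed samples; the log format follows sshd's "Failed <method> for [invalid user ]<user> from <ip> port <port> ssh2" line.

```python
import re
from collections import defaultdict

# sshd failure line: "sshd[PID]: Failed <method> for [invalid user ]<user> from <ip> port <port> ssh2"
FAILED_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Failed (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def find_maxauthtries_bypass(log_lines, max_auth_tries=6):
    """Return {pid: record} for every sshd connection whose keyboard-interactive
    failure count exceeds max_auth_tries (6 is sshd's documented default).
    A single connection exceeding the limit is the signature of CVE-2015-5600."""
    per_conn = defaultdict(lambda: {"ip": None, "port": None, "users": set(), "failures": 0})
    for line in log_lines:
        m = FAILED_RE.search(line)
        # Only keyboard-interactive (e.g. keyboard-interactive/pam) failures matter here.
        if not m or not m.group("method").startswith("keyboard-interactive"):
            continue
        rec = per_conn[m.group("pid")]
        rec["ip"], rec["port"] = m.group("ip"), int(m.group("port"))
        rec["users"].add(m.group("user"))
        rec["failures"] += 1
    return {pid: rec for pid, rec in per_conn.items() if rec["failures"] > max_auth_tries}


def audit_sshd_config(config_text):
    """Return a list of findings about global sshd_config settings that limit
    exposure to the MaxAuthTries bypass. Assumption: no Match blocks; for each
    keyword sshd keeps the first value seen, which setdefault() reproduces."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())

    findings = []
    # Newer sshd spells the option KbdInteractiveAuthentication; older ones
    # use ChallengeResponseAuthentication, which defaults to "yes".
    kbd = settings.get("kbdinteractiveauthentication",
                       settings.get("challengeresponseauthentication"))
    if kbd is None or kbd.lower() != "no":
        findings.append("keyboard-interactive authentication enabled "
                        "(ChallengeResponseAuthentication/KbdInteractiveAuthentication not 'no')")
    if "maxauthtries" not in settings:
        findings.append("MaxAuthTries not set explicitly")
    if "logingracetime" not in settings:
        findings.append("LoginGraceTime not set explicitly; it is the only remaining limit "
                        "while the bypass is possible")
    return findings


# Constructed sample log: PID 4021 is one connection cycling through many
# keyboard-interactive failures; 4022 and 4023 stay within the limit.
SAMPLE_LOG = [
    f"Jul 20 10:00:{i:02d} host sshd[4021]: Failed keyboard-interactive/pam for root "
    f"from 192.0.2.10 port 40123 ssh2" for i in range(10)
] + [
    "Jul 20 10:01:00 host sshd[4022]: Failed password for invalid user admin from 198.51.100.7 port 51000 ssh2",
    "Jul 20 10:01:01 host sshd[4022]: Failed password for invalid user admin from 198.51.100.7 port 51000 ssh2",
    "Jul 20 10:02:00 host sshd[4023]: Failed keyboard-interactive/pam for alice from 203.0.113.5 port 60010 ssh2",
    "Jul 20 10:02:01 host sshd[4023]: Failed keyboard-interactive/pam for alice from 203.0.113.5 port 60010 ssh2",
]

# Constructed sshd_config fragments: the weak one leaves the multiplier in place.
WEAK_CONFIG = """\
# constructed sample
Port 22
MaxAuthTries 6
ChallengeResponseAuthentication yes
UsePAM yes
"""

HARDENED_CONFIG = """\
# constructed sample
MaxAuthTries 3
LoginGraceTime 30
ChallengeResponseAuthentication no
UsePAM yes
"""

if __name__ == "__main__":
    for pid, rec in find_maxauthtries_bypass(SAMPLE_LOG).items():
        print(f"sshd[{pid}] {rec['ip']}:{rec['port']} exceeded MaxAuthTries "
              f"with {rec['failures']} keyboard-interactive failures for {sorted(rec['users'])}")
    print("weak config:", audit_sshd_config(WEAK_CONFIG))
    print("hardened config:", audit_sshd_config(HARDENED_CONFIG))
```

Run the script as-is against the embedded samples; to scan a real host, feed `find_maxauthtries_bypass` the lines of your auth log and `audit_sshd_config` the text of `/etc/ssh/sshd_config`. Disabling keyboard-interactive authentication where it is not needed removes the multiplier entirely; the upstream fix (OpenSSH 7.0) makes sshd reject repeated device names in the client's list.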
Computer vulnerabilities tracking service
Vigil@nce provides computer vulnerability patches. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.