OpenSSH brute force cracking Vulnerability
OpenSSH brute force cracking Vulnerability
Release date:
Updated on:
Affected Systems:
OpenSSH <= 6.9
Description:
OpenSSH is a free open-source implementation of the SSH (Secure SHell) protocol. The SSH protocol family can be used for remote control or file transfer between computers.
OpenSSH 6.9 in interactive keyboard Authentication Mode and servers of earlier versions have a security vulnerability in the implementation of identity authentication. This vulnerability allows attackers to execute a large number of logon attempts within the time window, launch a brute-force guess attack.
<* Source: anonymous
*>
Suggestion:
Vendor patch:
OpenSSH
-------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.openssh.com/
Install and configure OpenSSH in Ubuntu Server 13.10
Install OpenSSH remotely on Ubuntu
Solve the latency problem during remote login through OpenSSH
Offline installation of OpenSSH in Ubuntu 12.10
OpenSSH upgrade steps and precautions
Solutions for failures of common OpenSSH users
General thread: OpenSSH key management, Part 1 Understanding RSA/DSA authentication
Install OpenSSH and configure the sftp lock directory for RedHat
OpenSSL details: click here
OpenSSL: click here
This article permanently updates the link address: