ID de Prueba:	1.3.6.1.4.1.25623.1.0.11574
Categoría:	Misc.
Título:	Portable OpenSSH PAM timing attack
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is running a SSH server which can allow an attacker to determine the existence of a given login by comparing the time the remote sshd daemon takes to refuse a bad password for a non-existent login compared to the time it takes to refuse a bad password for a valid login. An attacker may use this flaw to set up a brute force attack against the remote host. Solution : Disable PAM support if you do not use it, upgrade to the newest version of OpenSSH Risk factor : Low
Referencia Cruzada:	BugTraq ID: 7342 BugTraq ID: 7467 BugTraq ID: 7482 BugTraq ID: 11781 Common Vulnerability Exposure (CVE) ID: CVE-2003-0190 http://www.securityfocus.com/bid/7467 Bugtraq: 20030430 OpenSSH/PAM timing attack allows remote users identification (Google Search) http://marc.info/?l=bugtraq&m=105172058404810&w=2 Bugtraq: 20030806 [OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh) (Google Search) http://marc.info/?l=bugtraq&m=106018677302607&w=2 http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html http://lab.mediaservice.net/advisory/2003-01-openssh.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445 http://www.redhat.com/support/errata/RHSA-2003-222.html http://www.redhat.com/support/errata/RHSA-2003-224.html TurboLinux Advisory: TLSA-2003-31 http://www.turbolinux.com/security/TLSA-2003-31.txt
Copyright	This script is Copyright (C) 2004 Tenable Network Security

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.