Home page logo

bugtraq logo Bugtraq mailing list archives

Re: OpenSSH & S/Key information leakage
From: "Pavel Kankovsky" <peak () argo troja mff cuni cz>
Date: Sun, 18 Nov 2001 21:40:45 +0100 (MET)

On Thu, 15 Nov 2001, Alan J Rosenthal wrote:

A login prompt for a non-account looks like this:

      login: flomp
      otp-md5 175 at2078 ext

So far, so good.  But press return once or twice to get "Login incorrect"
(or make a new conection), and then do

      login: flomp
      otp-md5 220 at0624 ext

Either the user just set a new passphrase in this one-second interval, or
"flomp" does not exist.

Seed the PRNG generating this fake challenge with the given username and
nothing but the username (and perhaps some *static* secret data).

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]