Home page logo
/

bugtraq logo Bugtraq mailing list archives

bsdbsdftpd-6.0-ssl-0.6.1-1 attack allows remote users identification
From: NetExpress <netexpress () tiscali it>
Date: Fri, 16 May 2003 08:59:30 +0200

Product bsbsdftpd-6.0-ssl-0.6.1-1 http://bsdftpd-ssl.sc.ru/

During a pen-test we have notice how is easy to identify valid users on
vulnerable systems, through a simple timing attack.

When I try to connect to ftp without ssl using a unreal user with bad password I get
immediatly response of incorrect login, when I use real user with bad
password I get 2 second of wait before get message of incorrect login.

It seems to be very nice to the recent CAN-2003-0190 about OpenSSH/PAM
timing attack allows remote users identification

I have tested this on Linux RH 7.3 and RH 8.0

I belive the vulnerability is easy to exploit and may have high
severity, if combined with poor password policies and other security
problems that allow local privilege escalation.


Alessandro Fiorenzi

a.fiorenzi () infogroup it aka netexpress

*------------------------------------------------------------------------
INFOGROUP S.P.A                 http://www.infogroup.it

-------------------------------------------------------------------------
DR. FIORENZI ALESSANDRO *

Consulente Tribunale Firenze - sicurezza informatica -
System Administrator
Socio CLUSIT <file:///home/fiore/signature/www.clusit.it>, ALSI <file:///home/fiore/signature/www.alsi.it>


Tel : +39.055.43.65.742
CE : +39.335.64.144.77
@Email : a.fiorenzi () infogroup it
PGP Key: http://www.infogroup.it/ds/fiorenzi.asc

/-------------------------------------------------------------------------
           *"Faber est suae quisque fortunae" *
-------------------------------------------------------------------------/

//









  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault