Re: OpenSSH User Enumeration Time-Based Attack

[Jann Horn <jann+libev () thejh net>]

On Wed, Jul 10, 2013 at 03:38:59PM +0200, Curesec Research Team wrote:
> By testing several OpenSSH installations we figured there is a delay of
> time when it comes to cracking users (not) existing on a system. A
> normal Brute-force-Attack tests for the correct user and password
> combination, usually without knowledge if the user on the system exists.

FYI, the openssh guys have known this for quite a while and they don't
treat it as an issue worth fixing. They don't want to introduce extra
anti-timing code just to prevent user enumeration from working.

You can also see a measurable difference when you try logging in with
random public RSA keys – around 100% difference over localhost, over the
internet it's much lower, but with a few attempts, you can still get good
data. Well, for systems that have password auth enabled, your approach seems
a lot more reliable.

By the way: If you can hog the CPU for seconds by sending a few kilobytes
of data, isn't that a DoS issue?

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/