
Re: [Full-disclosure] OpenSSH - System Account Enumeration if S/Key is used



On Tue, 24 Apr 2007 11:10:27 +0200
Stanislaw Klekot <dozzie@xxxxxxxxxxxxxxxxxxxxxx> wrote:

> On Sat, Apr 21, 2007 at 02:27:17AM +0200, rembrandt wrote:
> > As you can see clearly OpenSSH discloses the existence of system accounts.
> > A possible solution for this problem would be to print a fake S/Key-Request
> > even for non existing users as well as it`s done with the 
> > Passwordauthentication.
> 
> This issue is known not only for S/Key, but for OPIE (PAM version) as
> well, although it's a bit different for the latter.
> 
> Look closer at the challenge message. There's a salt and a key number included.
> Consider now three logins: the first isn't a valid account on the target
> system, the second is valid but without OTP set, and the third has OTP set.
> The first two are indistinguishable for an attacker, as in these cases the system
> presents a random challenge, but for the third account the system will present the
> same challenge over and over again.
> 
> How about that?
> 
> -- 
> Stanislaw Klekot

Dear Stanislaw,

I know that the issue is not related to S/Key only, but I had reasons to
just write about S/KEY so far.

I did not play with PAM because I've no OS which supports it.
But your example should also allow determining existing user accounts
because it's pretty familiar with the S/KEY issue.

There's probably only just one solution to solve such issues.
The OS has to present the unique challenges even for non-existing users.

By this I mean the OS has to fake really everything and also has to
decrease the specific values (like a user logged in).
During a specific amount of time (let's take 2 weeks as default) the OS
could fake the challenge requests this way:

opt-md5 97 some12345
(f.e. 2 hours later)
opt-md5 96 some12345
(f.e. 13 days later)
opt-md5 2 some12345

I hope you get the idea.
The OS does not have to store any hashes anywhere.
In fact, those things could get faked:

opt-&ALGO <- just choose some, it just has to be the same for a while
Count <- Well, just decrease it during a specific period so that it isn't
         always the same, nor does it jump from f.e. 100 to 44 if an
         attacker checks for this account twice a day.
Seed <- Could get handled like the &ALGO, so it just has to be the same
        for a specific time.

I'm pretty sure these things can get done and also that it should be
familiar for PAM/OPIE or any other challenge-response system.


I hope I answered everything you wanted to know. :-)

Kind regards,
Rembrandt
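As an added illustration (not part of the thread above, nor OpenSSH or OPIE code), here is one way the faked-challenge scheme described in the message could be implemented: algorithm and seed are derived from HMAC(server secret, window || username), so nothing is stored per user, and the count runs down steadily over a two-week window. The secret, the count range, the OTP record format and the helper names are assumptions.

```python
import hashlib
import hmac

# Constructed values for this example; a real service would keep the secret in
# protected configuration and rotate it together with the window.
SERVER_SECRET = b"constructed-example-secret"
WINDOW_SECONDS = 14 * 24 * 3600      # two-week period proposed in the message
START_COUNT, MIN_COUNT = 99, 1       # fake counter runs down over the window
SEED_ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"

# Constructed OTP database: only accounts with OTP set have a record.
OTP_DB = {"alice": ("md5", 42, "al1c3se3d")}


def fake_challenge(username: str, now: int) -> str:
    """Challenge for an account without an OTP record (or no account at all).

    Algorithm and seed come from HMAC(secret, window || username), so they stay
    constant for the whole window without storing anything per user, while the
    count decreases as the window elapses (as if the user were logging in).
    """
    window, elapsed = divmod(int(now), WINDOW_SECONDS)
    mac = hmac.new(SERVER_SECRET, f"{window}:{username}".encode(), hashlib.sha256).digest()
    algo = ("md5", "sha1", "md4")[mac[0] % 3]
    seed = "".join(SEED_ALPHABET[b % len(SEED_ALPHABET)] for b in mac[1:9])
    # Integer arithmetic: how many of the (START-MIN) steps the window has used up.
    count = START_COUNT - (elapsed * (START_COUNT - MIN_COUNT)) // WINDOW_SECONDS
    return f"otp-{algo} {count} {seed}"


def challenge_for(username: str, now: int) -> str:
    """Same output shape whether the account exists, has OTP set, or neither."""
    record = OTP_DB.get(username)
    if record is not None:
        algo, count, seed = record       # real record: fixed until a login succeeds
        return f"otp-{algo} {count} {seed}"
    return fake_challenge(username, now)


def parse_challenge(challenge: str) -> tuple[str, int, str]:
    """Split 'otp-<algo> <count> <seed>' into (algo, count, seed)."""
    head, count, seed = challenge.split()
    return head.removeprefix("otp-"), int(count), seed
```

Note that at a window boundary the fake seed and count reset; that is comparable to a real user re-keying, but the window length should be chosen so the reset does not stand out.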

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/