[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] OpenSSH User Enumeration Time-Based Attack

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] OpenSSH User Enumeration Time-Based Attack
From: security curmudgeon <jericho@xxxxxxxxxxxxx>
Date: Thu, 11 Jul 2013 14:24:19 -0500 (CDT)

What you describe is CVE-2006-5229. While the CVE description does notexplicitly say "long passwords", it does cover the general idea. Read themail list posts associated with it and it shows people testing based onminor differences in password length. Stands to reason that 39,000characters would apply.


http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-5229

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] TWSL2013-018: Multiple Vulnerabilities in OpenEMR
Next by Date: Re: [Full-disclosure] Abusing Windows 7 Recovery Process
Previous by thread: Re: [Full-disclosure] OpenSSH User Enumeration Time-Based Attack
Next by thread: [Full-disclosure] VULNERABLE (3rd party) components in Adobe Reader 11.0.03, and dangling reference to Acrobat.exe
Index(es):
- Date
- Thread