[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] OpenSSH User Enumeration Time-Based Attack

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] OpenSSH User Enumeration Time-Based Attack
From: Florian Reinholz <reinholz@xxxxxxx>
Date: Fri, 12 Jul 2013 06:22:23 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11.07.2013 17:41, Jann Horn wrote:
> On Wed, Jul 10, 2013 at 03:38:59PM +0200, Curesec Research Team
> wrote:
>> By testing several OpenSSH installations we figured there is a
>> delay of time when it comes to cracking users (not) existing on a
>> system. A normal Brute-force-Attack tests for the correct user
>> and password combination, usually without knowledge if the user
>> on the system exists.
> 
> FYI, the openssh guys have known this for quite a while and they
> don't treat it as an issue worth fixing. They don't want to
> introduce extra anti-timing code just to prevent user enumeration
> from working.
> 
> You can also see a measurable difference when you try logging in
> with random public RSA keys – around 100% difference over
> localhost, over the internet it's much lower, but with a few
> attempts, you can still get good data. Well, for systems that have
> password auth enabled, your approach seems a lot more reliable.
> 
> By the way: If you can hog the CPU for seconds by sending a few
> kilobytes of data, isn't that a DoS issue?
> 
> 
> 
> _______________________________________________ Full-Disclosure -
> We believe in it. Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
> sponsored by Secunia - http://secunia.com/
> 

Agree. Tested the approach against various systems, virtual and real,
using different endpoints, and it does not reveal anything useful.

I dont think that "int(time.time()) [...] if timeRes > 20:" is very
efficient or even an accurate way for user estimation.
It never took more than 3s to refuse the login attempt, regardless the
users exists or not. Even "DenyUsers" did not change anything.

Anyways, using a more accurate timing it might be possible to reveal
something useful...

- -Florian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13-SpecialBuild (MingW32)
Comment: Protect messages and files using GnuPG and OpenSSL!
Comment: The GnuPG-Pack: http://home.arcor.de/rose-indorf
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iD8DBQFR34R/yzosym+CqfMRAlR9AKC1NHl74knXpufksEiBdaPyRYbaRgCgjPw3
jtFrF6BbS0MoR0JoXPfqKOw=
=VK4t
-----END PGP SIGNATURE-----

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] OpenSSH User Enumeration Time-Based Attack
  - From: Grandma Eubanks

References:
- [Full-disclosure] OpenSSH User Enumeration Time-Based Attack
  - From: Curesec Research Team
- Re: [Full-disclosure] OpenSSH User Enumeration Time-Based Attack
  - From: Jann Horn

Prev by Date: Re: [Full-disclosure] Abusing Windows 7 Recovery Process
Next by Date: [Full-disclosure] XSS and CS vulnerabilities in TinyMCE Image Manager
Previous by thread: Re: [Full-disclosure] OpenSSH User Enumeration Time-Based Attack
Next by thread: Re: [Full-disclosure] OpenSSH User Enumeration Time-Based Attack
Index(es):
- Date
- Thread