Re: AIX password enumeration possible



Tested with AIX 5.1 ML05, Commercial SSH v3.2.2

Known account on yyyy set to rlogin=false, ssh allows only 1 connection attempt 
before error.


Case 1: Incorrect Password given.

user@xxxx:> ssh yyyy
user's password: 
warning: Authentication failed.
Disconnected; no more authentication methods available (No further 
authentication methods available.).


Case 2: Correct Password given.

user@xxxx:> ssh yyyy
user's password: 
warning: Authentication failed.
Disconnected; no more authentication methods available (No further 
authentication methods available.).


It seems as if the commercial ssh behaves differently and uses its own 
messages. All r-services and telnet are no longer existent on our systems, so 
it appears to me that the easiest solution would be to use the commercial ssh 
and dump the r-services. That seems the best way for ppl who are eligible to 
use the source release of the commercial ssh. 

Regards,

Sven Specker

-- 
__________________________________________________________________
*** Sven Specker -- University of Frankfurt Computing Center   ***
************ UNIX System Administration (NIM/Security) ***********
***** specker@xxxxxxxxxxxxxxxxxxx [Phone (+49)-69-798-25188] *****
******************************************************************
__________________________________________________________________              
                Johann Wolfgang Goethe Universitaet
                - Hochschulrechenzentrum -
                Senckenberganlage 31-33

                D-60054 Frankfurt/Main
__________________________________________________________________
______________ TeX-users do it in {groups}________________________