Bugtraq mailing list archives
bsdbsdftpd-6.0-ssl-0.6.1-1 attack allows remote users identification
From: NetExpress <netexpress () tiscali it>
Date: Fri, 16 May 2003 08:59:30 +0200
Product bsbsdftpd-6.0-ssl-0.6.1-1 http://bsdftpd-ssl.sc.ru/ During a pen-test we have notice how is easy to identify valid users on vulnerable systems, through a simple timing attack.When I try to connect to ftp without ssl using a unreal user with bad password I get
immediatly response of incorrect login, when I use real user with bad password I get 2 second of wait before get message of incorrect login. It seems to be very nice to the recent CAN-2003-0190 about OpenSSH/PAM timing attack allows remote users identification I have tested this on Linux RH 7.3 and RH 8.0 I belive the vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation. Alessandro Fiorenzi a.fiorenzi () infogroup it aka netexpress *------------------------------------------------------------------------ INFOGROUP S.P.A http://www.infogroup.it ------------------------------------------------------------------------- DR. FIORENZI ALESSANDRO * Consulente Tribunale Firenze - sicurezza informatica - System AdministratorSocio CLUSIT <file:///home/fiore/signature/www.clusit.it>, ALSI <file:///home/fiore/signature/www.alsi.it>
Tel : +39.055.43.65.742 CE : +39.335.64.144.77 @Email : a.fiorenzi () infogroup it PGP Key: http://www.infogroup.it/ds/fiorenzi.asc /------------------------------------------------------------------------- *"Faber est suae quisque fortunae" * -------------------------------------------------------------------------/ //
Current thread:
- bsdbsdftpd-6.0-ssl-0.6.1-1 attack allows remote users identification NetExpress (May 16)
- Re: bsdbsdftpd-6.0-ssl-0.6.1-1 attack allows remote users identification Damian Gerow (May 16)
- Re: bsdbsdftpd-6.0-ssl-0.6.1-1 attack allows remote users identification NetExpress (May 16)
- Re: bsdbsdftpd-6.0-ssl-0.6.1-1 attack allows remote users identification Mika Boström (May 17)
- Re: bsdbsdftpd-6.0-ssl-0.6.1-1 attack allows remote users identification Damian Gerow (May 16)