Bug in OpenSSH Opens Linux Machines to Password Cracking Attack
Jul 23, 2015
A simple but highly critical vulnerability recently disclosed in the most widely used OpenSSH software allows attackers to try thousands of password login attempts per connection in a short period. OpenSSH is the most popular software widely used for secure remote access to Linux-based systems. Generally, the software allows 3 to 6 Password login attempts before closing a connection, but a new vulnerability lets attackers perform thousands of authentication requests remotely . OpenSSH servers with keyboard-interactive authentication enabled , including FreeBSD Linux, can be exploited to carry out the brute force attack on OpenSSH protocol, a security researcher with online alias KingCope explained in a blog post . Exploit for the Vulnerability RELEASED Hackers could widely exploit the vulnerability because the keyboard-interactive authentication is by default enabled on most of the systems. Researcher has also released a proof-of-concept exploit code, which i
