CVE-2015-5600: openssh: MaxAuthTries limit bypass

CVE ID

CVE-2015-5600

DESCRIPTION

It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks.


 

RESOLUTION

Unitrends Risk Assessment: None with security updates 4/26/17 or later

Resolution:
Not vulnerable if “ChallengeResponseAuthentication no” in sshd_config.
Fixed in openssh-5.3p1-114.el6 and later. 

LINK TO ADVISORIES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us