Here we are again... During a recent penetration test i stumbled upon yet
another OpenSSH timing leak, leading to remote disclosure of valid
usernames. It's not as big as the one i found in the past (CVE-2003-0190),
but it can indeed be exploited over the Internet, nevertheless.
Here we are again... During a recent penetration test i stumbled upon yet
another OpenSSH timing leak, leading to remote disclosure of valid
usernames. It's not as big as the one i found in the past (CVE-2003-0190),
but it can indeed be exploited over the Internet, nevertheless.
T...
[ more ]