BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Re: OpenSSH/PAM timing attack allows remote users identification May 01 2003 09:12AM
Ethan Benson (erbenson alaska net)
On Wed, Apr 30, 2003 at 04:34:27PM +0200, Marco Ivaldi wrote:
> root@voodoo:~# ssh [valid_user]@lab.mediaservice.net
> [valid_user]@lab.mediaservice.net's password: <- arbitrary (non-null) string
> [2 secs delay]
> Permission denied, please try again.
>
> root@voodoo:~# ssh [no_such_user]@lab.media...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus