Bug exposes OpenSSH servers to brute-force password guessing attacks

A bug in OpenSSH, the most popular software for secure remote access to UNIX-based systems, could allow attackers to bypass authentication retry restrictions and execute many password guesses.

A security researcher who uses the online alias Kingcope disclosed the issue on his blog last week, but he only requested on Tuesday that a public vulnerability ID be assigned.

By default, OpenSSH servers allow six authentication retries before closing a connection and the OpenSSH client allows three incorrect password entries, Kingcope said.


Story added 22. July 2015.