Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Misc. --> Category: infos

Portable OpenSSH PAM timing attack Vulnerability Scan

Vulnerability Scan Summary
Checks the timing of the remote SSH server

Detailed Explanation for this Vulnerability Test

The remote host seem to be running an SSH server which can allow
a possible hacker to acertain the existence of a given login by comparing
the time the remote sshd daemon takes to refuse a bad password for a
non-existent login compared to the time it takes to refuse a bad password
for a valid login.

A possible hacker may use this flaw to set up a brute force attack against
the remote host.

Solution : Disable PAM support if you do not use it, upgrade to the newest
version of OpenSSH

Threat Level: Low

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.