Family: Misc. --> Category: infos
Portable OpenSSH PAM timing attack Vulnerability Scan
Vulnerability Scan Summary
Checks the timing of the remote SSH server
Detailed Explanation for this Vulnerability Test
The remote host seems to be running an SSH server that allows
an attacker to ascertain whether a given login exists by comparing
the time the remote sshd daemon takes to refuse a bad password for a
non-existent login with the time it takes to refuse a bad password
for a valid login.
An attacker may use this flaw to set up a brute force attack against
the remote host.
Solution: Disable PAM support if you do not use it; upgrade to the newest
version of OpenSSH.
Threat Level: Low