On 7/17/2015 3:19 PM, Mike Tancsa wrote: > ------------------ > https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/ > With this vulnerability an attacker is able to request as many password > prompts limited by the “login graced time” setting, that is set to two > minutes by default." > >
There is a patch in the OpenSSH tree to mitigate this. Any chance on bringing this in before 10.2R ships ? https://anongit.mindrot.org/openssh.git/patch/?id=5b64f85bb811246c59ebab ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, m...@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
