Re: CVE-2018-15473 ssh user enumeration vulnerability in OpenBSD 6.3

2018-09-04 Thread Karl O. Pinc
On Tue, 4 Sep 2018 13:16:26 -0400 Daniel Jakots wrote:
> On Tue, 4 Sep 2018 12:05:01 -0500, "Karl O. Pinc"
> wrote:
>
> > Ssh in OpenBSD 6.3 (stable), and I presume 6.2, is vulnerable
> > to username existence checking by remote systems.
>
> It was already discussed on the list:
> https://ma

Re: CVE-2018-15473 ssh user enumeration vulnerability in OpenBSD 6.3

2018-09-04 Thread Daniel Jakots
On Tue, 4 Sep 2018 12:05:01 -0500, "Karl O. Pinc" wrote:
> Ssh in OpenBSD 6.3 (stable), and I presume 6.2, is vulnerable
> to username existence checking by remote systems.

It was already discussed on the list:
https://marc.info/?l=openbsd-misc&m=153512055014488&w=2

Cheers,
Daniel

CVE-2018-15473 ssh user enumeration vulnerability in OpenBSD 6.3

2018-09-04 Thread Karl O. Pinc
Hi,

Ssh in OpenBSD 6.3 (stable), and I presume 6.2, is vulnerable to username existence checking by remote systems.

OpenBSD current has a patch.
https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0

Demonstration code is found here:
https://bugfuzz.com/stuff/ssh-check