Vigil@nce: pam_ssh, user detection
April 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can detect if a username is valid by looking at the
pam_ssh prompt.
Severity: 1/4
Consequences: data reading
Provenance: intranet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 01/04/2009
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The pam_ssh PAM module handles the authentication using the SSH
protocol.
When an attacker enters a valid username, pam_ssh displays "SSH
passphrase". When an attacker enters an invalid username, pam_ssh
displays "Password".
An attacker can therefore use a brute force attack to detect valid
usernames.
CHARACTERISTICS
Identifiers: 263579, 492153, VIGILANCE-VUL-8587
http://vigilance.fr/vulnerability/pam-ssh-user-detection-8587