Title: OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
Severity: MODERATE
Description:
OpenSSH is a freely available, open-source implementation of the Secure Shell protocol. It is available for UNIX, Linux, and Microsoft platforms.
OpenSSH reportedly contains an information-disclosure weakness. This issue resides in the portable version of OpenSSH, which is distributed for operating systems other than its native OpenBSD platform.
This issue has been confirmed to derive from neither the Pluggable Authentication Module (PAM) issue disclosed in BID 11781 in 2004 nor the more recent Generic Security Services Application Programming Interface (GSSAPI)-based information leak outlined in BID 20245. Reportedly, it is possible to verify access credentials for users with an existing system password by measuring SSH authentication timing differences.
The security researcher who discovered this information leak has released a script that establishes test connections to an SSH daemon and calculates whether a user account has a password set. This is done by analyzing the amount of time an SSH authentication process takes for an account with an existing password, and comparing this value against the mean time it takes to authenticate against an account with no password set. Initial results indicate an information leak.
A simple demonstration of this timing leak is outlined below. Note the authentication timing variance between an existing user account with no password set, and a user account with an existing established password.
username                   timing vector
nobody@www.example.com     0.09
root@www.example.com       0.32   <-- valid user with shell
The above phenomenon manifests itself as a predictable timing difference between accounts with and without a password set. Using the above example, we can expect an account on the target system with no password set to return a time delta of approximately +/- 0.09, whereas an account with a password set will return a delta of approximately +/- 0.32 on this particular system. Network latency can skew data of this nature, so factors such as round-trip time, skew, and network congestion must be accounted for when developing statistical timing averages of this type.
Both protocols 1 and 2 have been reported affected. This phenomenon also presents itself in situations with or without PAM authentication, and in scenarios where 'GSSAPIAuthentication' is set to 'no'.
This weakness allows remote users to test for the existence of valid usernames with a password set. Knowledge of system users with established passwords may aid in further attacks.
The discoverer of this timing weakness has stated that this issue may partially depend on specific system configurations, but this has not been confirmed. Further testing is needed, but initial results indicate that this leak is independent of system-specific configurations.
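On the detection side, the repeated test connections described above should show up in the daemon's authentication log. The following is an added example, not part of the original advisory or of the researcher's script: it scans sshd syslog lines for a single source that fails password authentication against several usernames in a short burst. The log lines, the year, and the thresholds are constructed assumptions, and it assumes each test connection leaves a standard "Failed password" entry.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd syslog lines (documentation addresses, not real data).
SAMPLE_LOG = """\
Oct  3 10:00:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Oct  3 10:00:03 host sshd[2102]: Failed password for root from 192.0.2.10 port 40002 ssh2
Oct  3 10:00:05 host sshd[2103]: Failed password for invalid user nobody from 192.0.2.10 port 40003 ssh2
Oct  3 10:00:07 host sshd[2104]: Failed password for invalid user nobody from 192.0.2.10 port 40004 ssh2
Oct  3 10:00:09 host sshd[2105]: Failed password for admin from 192.0.2.10 port 40005 ssh2
Oct  3 10:00:11 host sshd[2106]: Failed password for admin from 192.0.2.10 port 40006 ssh2
Oct  3 10:01:00 host sshd[2107]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Oct  3 10:06:00 host sshd[2108]: Failed password for alice from 198.51.100.7 port 51001 ssh2
Oct  3 10:06:20 host sshd[2109]: Accepted password for alice from 198.51.100.7 port 51002 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+")

def parse(log, year=2006):
    """Yield (timestamp, source, username); syslog omits the year, so one is assumed."""
    for line in log.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"], m["user"]

def suspicious_sources(log, window=timedelta(seconds=60),
                       min_attempts=6, min_users=3):
    """Map each source with a burst of failures across several users to those users."""
    by_src = defaultdict(list)
    for ts, src, user in parse(log):
        by_src[src].append((ts, user))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            users = {u for _, u in burst}
            if len(burst) >= min_attempts and len(users) >= min_users:
                flagged[src] = sorted(users)
                break
    return flagged
```

The thresholds need tuning per environment; a probe that spaces its connections out more widely than the window will not be flagged.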
Affected Products:
- OpenSSH OpenSSH 4.1.0 p1
- S.u.S.E. Linux Personal 10.0.0 OSS
- S.u.S.E. Linux Professional 10.0.0
- S.u.S.E. Linux Professional 10.0.0 OSS
References:
- Marco Ivaldi: sshtime