July 22, 2015
A bug in OpenSSH, the most popular software for secure remote access to UNIX-based systems, could allow attackers to bypass authentication retry restrictions and execute many password guesses.
A security researcher who uses the online alias Kingcope disclosed the issue on his blog last week, but he did not request that a public vulnerability ID be assigned until Tuesday.
By default, OpenSSH servers allow six authentication retries before closing a connection and the OpenSSH client allows three incorrect password entries, Kingcope said.