Bug opens OpenSSH servers to brute-force password attacks


July 22, 2015

A bug in OpenSSH, the most popular software for secure remote access to UNIX-based systems, could allow attackers to bypass authentication retry restrictions and execute many password guesses.

A security researcher who uses the online alias Kingcope disclosed the issue on his blog last week, but he only requested a public vulnerability ID to be assigned Tuesday. 

By default, OpenSSH servers allow six authentication retries before closing a connection and the OpenSSH client allows three incorrect password entries, Kingcope said.

Read full story…