OpenSSH has user enumeration bug

Blowfish is faster than SHA256, and that's a problem when servers talk back

A bug in OpenSSH allows an attacker to check whether user names are valid on a 'net-facing server - because the Blowfish algorithm runs faster than SHA256/SHA512.

The bug hasn't been fixed yet, but in his post to Full Disclosure, Verint developer Eddie Harari says OpenSSH developer Darren Tucker knows about the issue and is working to address it.

If you send a user ID to an OpenSSH server with a long (but wrong) password – 10 kilobytes is what Harari mentions in his post – then the server will respond quickly for fake users, but slower for real users.

As the post explains, it's particular to certain configurations:

“When SSHD tries to authenticate a non-existing user, it will pick up a fake password structure hardcoded in the SSHD source code. On this hard coded password structure the password hash is based on BLOWFISH ($2) algorithm. If real users passwords are hashed using SHA256/SHA512, then sending large passwords (10KB) will result in shorter response time from the server for non-existing users.”

Of course, if the attacker is able to work out an SSH user ID, the next step would be to check it against a list of previously-hacked ID and password pairs, so as soon as OpenSSH makes its patch public, you know what to do. ®


Biting the hand that feeds IT © 1998–2017