lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 24 Apr 2007 15:30:32 +0200
From: rembrandt <rembrandt@...ith.org>
To: Stanislaw Klekot <dozzie@...amit.im.pwr.wroc.pl>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: OpenSSH - System Account Enumeration if S/Key
 is used

On Tue, 24 Apr 2007 11:10:27 +0200
Stanislaw Klekot <dozzie@...amit.im.pwr.wroc.pl> wrote:

> On Sat, Apr 21, 2007 at 02:27:17AM +0200, rembrandt wrote:
> > As you can see clearly OpenSSH discloses the existence of system accounts.
> > A possible solution for this problem would be to print a fake S/Key-Request
> > even for non existing users as well as it`s done with the 
> > Passwordauthentication.
> 
> This issue is known not only for S/Key, but for OPIE (PAM version) as
> well, although it's a bit different for the latter.
> 
> Look closer to challenge message. There's salt and key number included.
> Consider now three logins: first isn't valid account on the target
> system, second is valid but without OTP set, and third with OTP set.
> First two are indistinguishable for attacker as in these cases system
> presents random challenge, but for third account system will present the
> same challenge over and over again.
> 
> How about that?
> 
> -- 
> Stanislaw Klekot

Dear Stanislaw,

I know that the issue is not related to S/Key only but I had reasons to
just write about S/KEY so far.

I did not played with PAM because I`ve no OS wich supports it.
But your example should also allow to determine existing user accounts
because it`s pretty familiar with the S/KEY issue.

There`s propably only just one solution to solve such issues.
The OS has to present the uniq Challenges even for non existing user.

By this I mean the OS has to fake realy everything and also has to
decrese the specific values (like a user logged in).
During a specific amount of time (lets take 2 weeks as default) the OS
could fake the Challange requests this way:

opt-md5 97 some12345
(f.e. 2 hours later)
opt-md5 96 some12345
(f.e. 13 days later)
opt-md5 2 some12345

I hope you get the idea.
The OS does not have to store any Hashs anywhere.
In fact those things could get faked:

opt-&ALGO <- just choose some, it just has to be the same for a while
Count <- Well just decrese it during a specific period so that it isn`t
         always the same nor does jump from f.e. 100 to 44 if a
         attacker checks for this account twice a day.
Seed <- Could get handled like the &ALGO, so it just has to be the same
        for a specific time.

I`m pretty sure these things can get done and also that it should be
familiar for PAM/OPIE or any other Challange-Response system.


I hope I answered to everything you wanted to know. :-)

Kind regards,
Rembrandt

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ