Brute-force vulnerability in keyboard-interactive authentication in OpenSSH| ID: oval:org.secpod.oval:def:26769 | Date: (C)2015-09-15 (M)2023-12-07 |
| Class: VULNERABILITY | Family: unix |
The host is installed with openssh on RHEL 6 or 7 and is prone to a brute-force vulnerability. A flaw is present in the application, which fails to check the list of keyboard-interactive authentication methods for duplicates. Successful exploitation could allow attackers to bypass the MaxAuthTries limit.
| Platform: |
| Red Hat Enterprise Linux 6 |
| Red Hat Enterprise Linux 7 |
