Brute-force vulnerability in keyboard-interactive authentication in OpenSSH
|ID: oval:org.secpod.oval:def:26769||Date: (C)2015-09-15 (M)2019-03-17|
|Class: VULNERABILITY||Family: unix|
The host is installed with openssh on RHEL 6 or 7 and is prone to a brute-force vulnerability. A flaw is present in the application, which fails to check the list of keyboard-interactive authentication methods for duplicates. Successful exploitation could allow attackers to bypass the MaxAuthTries limit.
|Red Hat Enterprise Linux 6|
|Red Hat Enterprise Linux 7|