CVE-2015-5600Missing Critical Step in Authentication in Openssh

CWE-264CWE-304Missing Critical Step in AuthenticationCWE-20Improper Input Validation14 documents11 sources
Severity
8.5HIGHNVD
OSV4.3
EPSS
73.6%
top 1.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openbsd Openssh
Timeline
PublishedAug 3
Latest updateMay 13

Description

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.

CVSS vector

AV:N/AC:L/C:P/I:N/A:CExploitability: 10.0 | Impact: 7.8

Affected Packages3 packages

Debianopenbsd/openssh< 1:6.9p1-1+3
Ubuntuopenbsd/openssh< 1:6.6p1-2ubuntu2.3

🔴Vulnerability Details

4
GHSA
GHSA-6x25-gfx2-5crp: The kbdint_next_device function in auth2-chall2022-05-13
OSV
openssh regression2015-08-18
CVEList
CVE-2015-5600: The kbdint_next_device function in auth2-chall2015-08-03
OSV
CVE-2015-5600: The kbdint_next_device function in auth2-chall2015-08-03

📋Vendor Advisories

7
Cisco
Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability2016-03-03
Ubuntu
OpenSSH regression2015-08-18
Ubuntu
OpenSSH vulnerabilities2015-08-14
BSD
FreeBSD-SA-15:16.openssh: OpenSSH multiple vulnerabilities2015-07-28
Red Hat
openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices2015-07-16

💬Community

2
Bugzilla
CVE-2015-5600 openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices2015-07-23
Bugzilla
CVE-2015-5600 openssh: authentication limits (MaxAuthTries) bypass [fedora-all]2015-07-23
CVE-2015-5600 — Missing Critical Step in Authentication | cvebase