A vulnerability has been discovered in OpenSSH that allows a remote, unauthenticated user to bypass the maximum number of password authentication attempts per connection: rather than the configured maximum of six, tens of password attempts can be made before the connection times out after 2 minutes. This increases the risk of a successful brute-force attack.
To mitigate the vulnerability, enable Brute Force Protection for the SSH service under System -> Services -> Brute Force Protection in the Opengear UI, or from the CLI run: config -s config.bfprotection.ssh.enabled=on -r services
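Until Brute Force Protection is enabled, the behaviour described above can be spotted in sshd logs: a single TCP connection (one sshd child pid, one source IP and source port) accumulating more authentication failures than the configured maximum of six. The script below is an added example written for this article, not Opengear code or part of OpenSSH; the log lines it parses are constructed samples, and the log format, the MaxAuthTries value of six and the (pid, ip, port) connection key are assumptions about a typical sshd syslog layout.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not taken from the advisory).
# Connection A (sshd[1201], 198.51.100.23:50111) records nine failures on a
# single connection, more than a MaxAuthTries of six should allow.
# Connection B (sshd[1207], 203.0.113.7:41000) is disconnected at the limit.
SAMPLE_LOG = """\
Jul 20 10:00:01 gw sshd[1201]: Failed password for root from 198.51.100.23 port 50111 ssh2
Jul 20 10:00:03 gw sshd[1201]: Failed password for root from 198.51.100.23 port 50111 ssh2
Jul 20 10:00:05 gw sshd[1201]: Failed keyboard-interactive/pam for root from 198.51.100.23 port 50111 ssh2
Jul 20 10:00:07 gw sshd[1201]: Failed keyboard-interactive/pam for root from 198.51.100.23 port 50111 ssh2
Jul 20 10:00:09 gw sshd[1201]: Failed keyboard-interactive/pam for root from 198.51.100.23 port 50111 ssh2
Jul 20 10:00:11 gw sshd[1201]: Failed keyboard-interactive/pam for root from 198.51.100.23 port 50111 ssh2
Jul 20 10:00:13 gw sshd[1201]: Failed keyboard-interactive/pam for root from 198.51.100.23 port 50111 ssh2
Jul 20 10:00:15 gw sshd[1201]: Failed keyboard-interactive/pam for root from 198.51.100.23 port 50111 ssh2
Jul 20 10:00:17 gw sshd[1201]: Failed keyboard-interactive/pam for root from 198.51.100.23 port 50111 ssh2
Jul 20 10:00:20 gw sshd[1207]: Failed password for invalid user admin from 203.0.113.7 port 41000 ssh2
Jul 20 10:00:22 gw sshd[1207]: Failed password for invalid user admin from 203.0.113.7 port 41000 ssh2
Jul 20 10:00:24 gw sshd[1207]: Failed password for invalid user admin from 203.0.113.7 port 41000 ssh2
Jul 20 10:00:26 gw sshd[1207]: Failed password for invalid user admin from 203.0.113.7 port 41000 ssh2
Jul 20 10:00:28 gw sshd[1207]: Failed password for invalid user admin from 203.0.113.7 port 41000 ssh2
Jul 20 10:00:30 gw sshd[1207]: Failed password for invalid user admin from 203.0.113.7 port 41000 ssh2
Jul 20 10:00:30 gw sshd[1207]: Disconnecting: Too many authentication failures for admin [preauth]
Jul 20 10:02:01 gw sshd[1201]: Connection closed by 198.51.100.23 [preauth]
Jul 20 10:05:00 gw sshd[1300]: Accepted publickey for ops from 192.0.2.10 port 52000 ssh2
"""

# Matches both plain password failures and keyboard-interactive/pam failures,
# since the bypass lets a client keep prompting through the interactive path.
FAILURE_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Failed (?:password|keyboard-interactive/pam) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"port (?P<port>\d+) ssh2"
)

# Assumed MaxAuthTries; OpenSSH's default and the value quoted in the advisory.
DEFAULT_MAX_AUTH_TRIES = 6


def failures_per_connection(lines):
    """Count authentication failures per sshd connection.

    One TCP connection keeps one source port and is served by one sshd child
    (the pid in the syslog prefix), so (pid, ip, port) identifies a connection.
    """
    counts = defaultdict(int)
    for line in lines:
        m = FAILURE_RE.search(line)
        if m:
            counts[(m["pid"], m["ip"], m["port"])] += 1
    return dict(counts)


def connections_exceeding(lines, max_auth_tries=DEFAULT_MAX_AUTH_TRIES):
    """Return {connection: failures} for connections over MaxAuthTries.

    A correctly behaving sshd disconnects the client once the limit is reached,
    so any single connection with more failures than the limit is a candidate
    for the bypass described in the advisory.
    """
    return {
        conn: n
        for conn, n in failures_per_connection(lines).items()
        if n > max_auth_tries
    }


def report(lines, max_auth_tries=DEFAULT_MAX_AUTH_TRIES):
    """Print one line per suspicious connection; return how many were found."""
    hits = connections_exceeding(lines, max_auth_tries)
    for (pid, ip, port), n in sorted(hits.items()):
        print(f"sshd[{pid}] {ip}:{port}: {n} failures on one connection "
              f"(configured limit {max_auth_tries})")
    return len(hits)


if __name__ == "__main__":
    report(SAMPLE_LOG.splitlines())
```

Run it against `/var/log/auth.log` (or the equivalent syslog file on the device) by replacing `SAMPLE_LOG.splitlines()` with the file's lines. Keying on the connection rather than on the source IP alone is what distinguishes this bypass from ordinary distributed guessing: many failures across many connections are the normal brute-force pattern, while many failures inside one connection should be impossible once MaxAuthTries is enforced.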
The issue will be resolved as part of the 3.16.1 firmware scheduled for release in the coming weeks.