Re: No vulnerability known in SSH-1.2.26

tony@secapl.com
Tue, 3 Nov 1998 10:21:36 -0500 (EST)

• Next message: DNS Manager: "can anyone tell me how to subscribe to this list"
• Previous message: Ben Laurie: "Re: No vulnerability known in SSH-1.2.26"
• In reply to: Anonymous: "Re: No vulnerability known in SSH-1.2.26"
• Next in thread: Ben Laurie: "Re: No vulnerability known in SSH-1.2.26"

On Tue, 3 Nov 1998 acpizer@mach.unseen.org wrote:

> There is 1 user account on the rootshell box, the same user had an
> account on another maehicne, somewhere, he was using the same password
> on both, the attacker found the usere's password on machine A and went
> to try it on machine B.

  Password compromise was my first hypothesis when I heard about it last
wednesday, but I have no first-hand knowledge. Certainly the easiest way
to attack ssh, as it's not really ssh you're attacking, but then this is
not germane to CodherPlunks, so sorry for taking an off-topic turn. ;-)

• Next message: DNS Manager: "can anyone tell me how to subscribe to this list"
• Previous message: Ben Laurie: "Re: No vulnerability known in SSH-1.2.26"
• In reply to: Anonymous: "Re: No vulnerability known in SSH-1.2.26"
• Next in thread: Ben Laurie: "Re: No vulnerability known in SSH-1.2.26"