[serious bug] SSH password transmitted in CLEAR TEXT

Report your issues here

[serious bug] SSH password transmitted in CLEAR TEXT

Postby customer-72319 » Thu Dec 04, 2014 9:54 am

Hi,
I use RVNC v4.5.4 on iOS 5.1.1 /w SSH addon.
I have a connection (one out of 4, RDP over SSH) where -if I leave the username empty- it is not requested but the connection tried leading to revealing my password to root:
/var/log/auth.log:
Code: Select all
Dec  4 14:45:42 srv sshd[29723]: Invalid user MyPaSsWoRd from 1.2.3.4
Dec  4 14:45:42 srv sshd[29723]: Failed none for invalid user MyPaSsWoRd from 1.2.3.4 port 54321 ssh2
Dec  4 14:45:42 srv sshd[29723]: pam_unix(sshd:auth): check pass; user unknown
Dec  4 14:45:42 srv sshd[29723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=remote.host.net


Pleae fix, and please make sure that fix is available for iOS 5.1.1 (iPad "1", cannot update OS anymore)
customer-72319
 
Posts: 5
Joined: Thu Dec 04, 2014 7:54 am

Re: [serious bug] SSH password transmitted in CLEAR TEXT

Postby raf » Fri Dec 05, 2014 9:51 am

This is very odd. So somehow the password is being sent as the user name?
To be clear, SSH doesn't ever transmit passwords. Either in clear text, encrypted or otherwise. There is a cryptographic handshake that is performed during authentication, but it doesn't involve sending the password over to the server. What you're seeing is your password (is this your RDP or SSH password?) being send over as the username for some reason. I'll try to recreate if you give me some more info.
Unfortunately, Apple doesn't give the tools to developers required to update apps still in old versions of the OS. So we can discuss alternatives.

Thanks,
Raf.
raf
Site Admin
 
Posts: 1691
Joined: Sat Oct 09, 2010 12:17 am

Re: [serious bug] SSH password transmitted in CLEAR TEXT

Postby customer-72319 » Fri Dec 05, 2014 10:20 am

Yes, I know how SSH works (in general), the headline was a bit drastic to draw attention.
Even the username is not transmitted in clear text. It's just accessible to root and the group adm in clear text as it's apparently transmitted instead/in-the-place-of the username.

My setup:
SSH over RDP, RDP logon credentials and SSH password (passord AUTH, no key AUTH) saved in RVNC setup (initially SSH username was saved too but I deleted that for added security when giving my iPad out of hands).
Starting a session usually the username is asked. One of my 4 set up sessions does not ask the username but just tries to connect.
After a few sec it says "... The SSH server didn't accept the supplied credentials..." and the auth.log shows the lines given above.
I can do that back and forth: Presetting the username: normal behavior -> deleting the username: as described above -> Presetting the username: normal behavior -> ...

Unfortunately, Apple doesn't give the tools to developers required to update apps still in old versions of the OS. So we can discuss alternatives.

What do you mean by that? Don't you keep 'old' (4.5.4 came out not even a yr ago) development/compilation environments?
What (except dumping the iPad1 and buying a new(er) one) could be alternatives?


Thank you.
customer-72319
 
Posts: 5
Joined: Thu Dec 04, 2014 7:54 am

Re: [serious bug] SSH password transmitted in CLEAR TEXT

Postby customer-72319 » Tue Dec 09, 2014 12:34 pm

Hi,

any news/ideas on this?

Thank you
customer-72319
 
Posts: 5
Joined: Thu Dec 04, 2014 7:54 am


Return to Support

Who is online

Users browsing this forum: No registered users and 1 guest

cron
cron