[Bug 2024540] Re: SSH Vulnerability Can Gain Access even with Time OTP Enabled

Steve Langasek 2024540 at bugs.launchpad.net
Thu Jun 22 14:51:13 UTC 2023 

The auth log you've attached does not appear to show any ssh sessions.
You also have modified /etc/pam.d/sshd and /etc/ssh/sshd_config but have
not included these files here.  Where are you seeing that ssh logins are
succeeding?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2024540

Title:
  SSH Vulnerability Can Gain Access even with Time OTP Enabled

Status in openssh package in Ubuntu:
  New

Bug description:
  Hi,

  We have noticed that when allowing firewall rule to open SSH port 22
  of my computer, somebody in the local network gets access to the
  system, to prevent it we had added two factor authentication by adding
  Time based OTP using google authenticator and root login is disabled
  in configuration, our network have windows systems which are
  compromised they are infecting this system and installing XOR DDOS
  Malware in my system, the rkhunter log shows variation in lot of
  system binary files, The XOR DDOS is overwriting lot of files before
  installing itself in the system, i think there is some critical bug in
  ssh system, we thought they are bruteforcing ssh password, but even
  after putting time based two factor authentication they are able to
  infiltrate the system and gain access.

  The ubuntu we are using is 22.04 LTS Jammy.
  Our systems are constantly attacked by XOR DDOS Rootkit.
  We had even rate limited the ssh even then they gets access added OTP verification also. we think there is some severe security issue with ssh.

  More Details About XOR DDOS Here
  https://www.microsoft.com/en-us/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/

  Also there is no option to attach multiple files here.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2024540/+subscriptions

More information about the foundations-bugs mailing list