[Bug 2024540] Re: Vulnerability Can Gain Access even with Time OTP Enabled
Vaishakh P
2024540 at bugs.launchpad.net
Fri Jun 23 05:31:05 UTC 2023
I think when I reinstalled the system I lost the logs, and this post is panic-driven. I should have analysed my system without reinstalling so I could find out whether it is related to openssh or remmina. I am connecting to a Windows system using remmina; maybe due to that my system is getting infected.
Anyway I am posting sshd and sshd_config files here.
** Attachment added: "sshd"
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2024540/+attachment/5681582/+files/sshd
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2024540
Title:
Vulnerability Can Gain Access even with Time OTP Enabled
Status in openssh package in Ubuntu:
Incomplete
Bug description:
Hi,
We have noticed that when allowing a firewall rule to open SSH port 22
of my computer, somebody in the local network gets access to the
system. To prevent it we added two-factor authentication by adding
time-based OTP using Google Authenticator, and root login is disabled
in the configuration. Our network has Windows systems which are
compromised; they are infecting this system and installing XOR DDOS
malware on my system. The rkhunter log shows variation in a lot of
system binary files. The XOR DDOS is overwriting a lot of files before
installing itself in the system. I think there is some critical bug in
the ssh system. We thought they were bruteforcing the ssh password, but
even after putting time-based two-factor authentication in place they
are able to infiltrate the system and gain access.
The Ubuntu we are using is 22.04 LTS Jammy.
Our systems are constantly attacked by XOR DDOS Rootkit.
We had even rate-limited ssh; even then they get access. We added OTP verification also. We think there is some severe security issue with ssh.
More details about XOR DDOS here:
https://www.microsoft.com/en-us/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/
Also there is no option to attach multiple files here.