OpenSSH -- MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices
It was discovered that the OpenSSH sshd daemon did not check the
list of keyboard-interactive authentication methods for duplicates.
A remote attacker could use this flaw to bypass the MaxAuthTries
limit, making it easier to perform password guessing attacks.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright