Open SSH bug opens brute force attack window

A newly disclosed bug in widely-used OpenSSH software allows attackers to make thousands of password guesses in a short space of time.

The bug has existed in OpenSSH since 2007, according to Ars Technica, and means that attackers have much longer than usual to brute-force a password. Normally OpenSSH allows just three or six login attempts before closing a connection, but the new exploit allows hackers a period of two minutes to try as many passwords as they can.

Open SSH bug opens brute force attack window