exim - unadvertised AUTH syntax

Issue #113 new
Former user created an issue

Hi,

I've found two issues regarding this pattern. Firstly, if hostname resolving is off in exim, there is no hostname provided in parentheses in the logline.

Second, the error command "AUTH LOGIN" is case sensitive and an attacker can use lowercase/anycase "auth login" to bypass sshguard (this is hypothetical for now).

Example logline: 2019-04-17 01:15:17 SMTP protocol error in "auth login" H=(philae) [11.22.33.444] AUTH command used when not advertised

Comments (2)

  1. Wojciech

    Corrected example: 2019-04-17 01:15:17 SMTP protocol error in "auth login" H=[11.22.33.444] AUTH command used when not advertised
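
Added example (not sshguard's own rule and not code from the reporter): a Python matcher for the log line discussed in this issue that accepts the AUTH keyword in any case and treats the parenthesised name after `H=` as optional. It also accepts a resolved host name before the parentheses, which goes beyond the two forms shown above; the function names and sample lines are constructed.

```python
import ipaddress
import re

# H= may appear as "H=[ip]", "H=(helo) [ip]" or "H=name (helo) [ip]".
# Only the SMTP verb is matched case-insensitively; the rest is exim's own text.
PATTERN = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d '
    r'SMTP protocol error in "(?P<cmd>(?i:AUTH)\b[^"]*)" '
    r'H=(?:[^\s()\[\]]+ )?(?:\([^)]*\) )?'
    r'\[(?P<addr>[0-9A-Fa-f:.]+)\] '
    r'AUTH command used when not advertised\s*$'
)

def offender(line):
    """Return the client address for an unadvertised-AUTH line, else None."""
    m = PATTERN.match(line)
    if m is None:
        return None
    try:
        # Reject malformed values (for example an out-of-range octet)
        # so they never reach the blocking backend.
        return str(ipaddress.ip_address(m.group("addr")))
    except ValueError:
        return None

def scan(lines):
    """Collect offending addresses from an iterable of log lines, in order."""
    return [a for a in map(offender, lines) if a is not None]

# Constructed sample lines using documentation address ranges.
TS = "2019-04-17 01:15:17 SMTP protocol error in "
TAIL = " AUTH command used when not advertised"
SAMPLES = [
    TS + '"AUTH LOGIN" H=(philae) [192.0.2.10]' + TAIL,               # helo present
    TS + '"auth login" H=[192.0.2.11]' + TAIL,                        # lowercase, no helo
    TS + '"AuTh PLAIN" H=mail.example.net (philae) [2001:db8::25]' + TAIL,
    "2019-04-17 01:15:20 Start queue run: pid=1234",                  # unrelated line
]

if __name__ == "__main__":
    for addr in scan(SAMPLES):
        print(addr)
```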
