From 2d9ddabcadb6293c61798f03124e86fdb6b06e03 Mon Sep 17 00:00:00 2001
From: Joe Testa
Date: Mon, 22 Apr 2024 16:26:03 -0400
Subject: [PATCH] Updated DHEat rate connection warning message.
---
 src/ssh_audit/dheat.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ssh_audit/dheat.py b/src/ssh_audit/dheat.py
index 698ee5b..aead681 100644
--- a/src/ssh_audit/dheat.py
+++ b/src/ssh_audit/dheat.py
@@ -51,7 +51,7 @@ class DHEat:
 MAX_SAFE_RATE = 20.0
 # The warning added to DH algorithms in the UI when dh_rate_test determines that no throttling is being done.
- DHEAT_WARNING = "Potentially insufficient connection throttling detected, resulting in possible vulnerability to the DHEat DoS attack (CVE-2002-20001). {connections:d} connections were created in {time_elapsed:.3f} seconds, or {rate:.1f} conns/sec; server must respond with a rate less than {max_safe_rate:.1f} conns/sec per IPv4/IPv6 source address to be considered safe. For rate-throttling options, please see . Suppress this test and message with the --skip-rate-test option."
+ DHEAT_WARNING = "Potentially insufficient connection throttling detected, resulting in possible vulnerability to the DHEat DoS attack (CVE-2002-20001). {connections:d} connections were created in {time_elapsed:.3f} seconds, or {rate:.1f} conns/sec; server must respond with a rate less than {max_safe_rate:.1f} conns/sec per IPv4/IPv6 source address to be considered safe. For rate-throttling options, please see . Be aware that using 'PerSourceMaxStartups 1' properly protects the server from this attack, but will cause this test to yield a false positive. Suppress this test and message with the --skip-rate-test option."
 # List of the Diffie-Hellman group exchange algorithms this test supports.
 gex_algs = [
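Review bot: The comment above `DHEAT_WARNING` still says the warning is added when "no throttling is being done", but the new message text admits that a server configured with `PerSourceMaxStartups 1` is protected and still gets flagged, so the comment and the constant now disagree. I would extend the comment with something like `# Known false positive: a server using 'PerSourceMaxStartups 1' is protected but still trips this rate test.` so maintainers and anyone triaging findings see the caveat next to the constant. The message would also be easier to act on if it identified the setting as an OpenSSH `sshd_config` directive, since the string is shown for any SSH server that offers DH algorithms. As rendered here the sentence "please see ." has no link target on either side of the change; that may be an artifact of how the page was captured, but it is worth confirming the URL is present in the file. The body of class `DHEat` continues outside this hunk.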