Posted by king cope on Jul 17

OpenSSH has a default value of six authentication tries before it will
close the connection (the ssh client allows only three password
entries per default).

With this vulnerability an attacker is able to request as many
password prompts limited by the “login graced time” setting, that is
set to two minutes by default.

Especially FreeBSD systems are affected by the vulnerability because
they have keyboard-interactive authentication enabled…