SSH 3 AllowedAuthentications Remote Bypass

low Nessus Plugin ID 10965

Synopsis

The remote SSH server may accept password-based authentications even when not explicitely enabled.

Description

The remote host is running a version of SSH that is older than 3.1.2 and newer or equal to 3.0.0.

There is a vulnerability in this release that may, under some circumstances, allow users to authenticate using a password whereas it is not explicitly listed as a valid authentication mechanism.

An attacker may use this flaw to attempt to brute-force a password using a dictionary attack (if the passwords used are weak).

Solution

Upgrade to version 3.1.2 of SSH, which solves this problem.

Plugin Details

Severity: Low

ID: 10965

File Name: ssh_AllowedAuthentications.nasl

Version: 1.24

Type: remote

Family: Misc.

Published: 5/24/2002

Updated: 7/30/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/24/2002

Reference Information

CVE: CVE-2002-1646

BID: 4810

Detections

Analytics