SSH Secure-RPC Weak Encrypted Authentication Key Recovery (deprecated)

low Nessus Network Monitor Plugin ID 1976

Synopsis

The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.

Description

The remote host is running SSH Communications Security's SSH 1.2.27 to 1.2.30. When Secure-RPC is in use, these versions may allow a local attacker to recover the SUN-DES-1 magic phrase generated by another user, which the attacker can then use to decrypt that user's private key file.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: Low

ID: 1976

Family: SSH

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 11340

Risk Information

VPR

Risk Factor: Medium

Score: 5.0

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 2.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Reference Information

CVE: CVE-2001-0259

BID: 2222