Family: Gain a shell remotely --> Category: infos
SSH 3 AllowedAuthentication Vulnerability Scan
Vulnerability Scan Summary
Checks for the remote SSH version
Detailed Explanation for this Vulnerability Test
The remote SSH server may accept password-based authentications even when
not explicitely enabled.
The remote host is running a version of SSH which is older than 3.1.2
and newer or equal to 3.0.0.
There is a vulnerability in this release that may, under some circumstances,
allow users to authenticate using a password whereas it is not explicitly
listed as a valid authentication mechanism.
A possible hacker may use this flaw to attempt to brute force a password using a
dictionary attack (if the passwords used are weak).
Upgrade to version 3.1.2 of SSH which solves this problem.
Low / CVSS Base Score : 2
Click HERE for more information and discussions on this network vulnerability scan.