|
Family: Misc. --> Category: infos
OpenSSH GSSAPI Credential Disclosure Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for GSSAPI credential disclosure vulnerability in OpenSSH
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote SSH server is susceptible to an information disclosure
vulnerability.
Description :
According to its banner, the version of OpenSSH installed on the
remote host may allow GSSAPI credentials to be delegated to users who
log in using something other than GSSAPI authentication if
'GSSAPIDelegateCredentials' is enabled.
See also :
http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html
Solution :
Upgrade to OpenSSH 4.2 or later.
Threat Level:
Low / CVSS Base Score : 1
(AV:R/AC:H/Au:R/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|