Family: Gain a shell remotely --> Category: infos
SSH 3 AllowedAuthentication Vulnerability Scan
Vulnerability Scan Summary: Checks for the remote SSH version
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote SSH server may accept password-based authentication even when
it is not explicitly enabled.
Description :
The remote host is running a version of SSH that is 3.0.0 or newer
but older than 3.1.2.
There is a vulnerability in this release that may, under some circumstances,
allow users to authenticate with a password even though password authentication
is not explicitly listed as a valid authentication mechanism.
An attacker may use this flaw to attempt to brute-force a password using a
dictionary attack (if the passwords used are weak).
Solution :
Upgrade to version 3.1.2 of SSH, which solves this problem.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:H/Au:R/C:N/A:N/I:P/B:I)