This script is Copyright (C) 2000-2011 Tenable Network Security, Inc.
The remote SSH server does not properly protect the kerberos tickets of
The remote host is running a version of SSH which is older than (or as old as)
There is a flaw in the remote version of this software which allows an attacker
to eavesdrop the kerberos tickets of legitimate users of this service, as sshd
will set their environment variable KRB5CCNAME to 'none' when they log in.
As a result, kerberos tickets will be stored in the current working directory
of the user, as 'none'.
In certain cases, this may allow an attacker to obtain the tickets.
Upgrade to the newest version of SSH.
Risk factor :
Low / CVSS Base Score : 2.6
CVSS Temporal Score : 2.1
Nessus Plugin ID: 10472 ()
Bugtraq ID: 1426
CVE ID: CVE-2000-0575
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.