SSH 3.0.0 Locked Account Remote Authentication Bypass

This script is Copyright (C) 2001-2011 Tenable Network Security, Inc.


Synopsis :

An attacker might be able to use the remote SSH server
to log into the remote host without proper credentials

Description :

The remote host is running SSH 3.0.0. There is a bug in this
release which allows any user to log into accounts whose
password entry is two characters long or less.

An attacker might gain root privileges using this flaw.

Solution :

Upgrade to version 3.0.1 of SSH which solves this problem.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 10708 ()

Bugtraq ID: 3078

CVE ID: CVE-2001-0553