SSH 3.0.0 Locked Account Remote Authentication Bypass

This script is Copyright (C) 2001-2011 Tenable Network Security, Inc.


Synopsis :

An attacker might be able to use the remote SSH server
to log into the remote host without proper credentials

Description :

The remote host is running SSH 3.0.0. There is a bug in this
release which allows any user to log into accounts whose
password entry is two characters long or less.

An attacker might gain root privileges using this flaw.

Solution :

Upgrade to version 3.0.1 of SSH which solves this problem.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 10708 ()

Bugtraq ID: 3078

CVE ID: CVE-2001-0553

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial