This script is Copyright (C) 2002-2013 Tenable Network Security, Inc.
The remote SSH server may accept password-based authentications even
when not explicitely enabled.
The remote host is running a version of SSH that is older than 3.1.2
and newer or equal to 3.0.0.
There is a vulnerability in this release that may, under some
circumstances, allow users to authenticate using a password whereas it
is not explicitly listed as a valid authentication mechanism.
An attacker may use this flaw to attempt to brute-force a password
using a dictionary attack (if the passwords used are weak).
Upgrade to version 3.1.2 of SSH, which solves this problem.
Risk factor :
Low / CVSS Base Score : 3.5
CVSS Temporal Score : 2.6
Public Exploit Available : false
Nessus Plugin ID: 10965 ()
Bugtraq ID: 4810
CVE ID: CVE-2002-1646
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.