SSH1 SSH Daemon Logging Failure

This script is Copyright (C) 2003-2011 Xue Yong Zhi


Synopsis :

The remote SSH server does not properly log repeated logins attempts.

Description :

The remote host is running SSH Communications Security SSH 1.2.30 or
older.

The remote version of this software does not log repeated login
attempts, which could allow remote attackers to compromise accounts
without detection via a brute-force attack.

See also :

http://archives.neohapsis.com/archives/bugtraq/2001-02/0084.html

Solution :

Upgrade the remote SSH server to the newest version available from
SSH.com

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 5.9
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 11341 ()

Bugtraq ID: 2345

CVE ID: CVE-2001-0471