This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.
The remote SSH host is set up to accept authentication with weak
Debian SSH keys.
The remote host has one or more ~/.ssh/authorized_keys files
containing weak SSH public keys generated on a Debian or Ubuntu
The problem is due to a Debian packager removing nearly all sources of
entropy in the remote version of OpenSSL.
This problem does not only affect Debian : any user uploading a weak
SSH key into his ~/.ssh/authorized_keys file will compromise the
security of the remote system.
An attacker could try a brute-force attack against the remote host and
logon using these weak keys.
Remove all the offending entries from ~/.ssh/authorized_keys.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true
Family: Gain a shell remotely
Nessus Plugin ID: 32320 ()
Bugtraq ID: 29179
CVE ID: CVE-2008-0166
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.