This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.
The remote SSH host is set up to accept authentication with
weak Debian SSH keys.
The remote host has one or more ~/.ssh/authorized_keys
files containing weak SSH public keys generated on a Debian
or Ubuntu system.
The problem is due to a Debian packager removing nearly all
sources of entropy in the remote version of OpenSSL.
This problem does not only affect Debian : any user uploading
a weak SSH key into his ~/.ssh/authorized_keys file will
compromise the security of the remote system.
An attacker could try a brute-force attack against the remote
host and log in with these weak keys.
Remove all the offending entries from ~/.ssh/authorized_keys
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true
Family: Gain a shell remotely
Nessus Plugin ID: 32320 ()
Bugtraq ID: 29179
CVE ID: CVE-2008-0166
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.