This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.
Remote attackers may be able to infer information about traffic
inside an SSH session.
According to its banner, the remote host appears to be running a
version of OpenSSH earlier than 2.5.2 / 2.5.2p2. It, therefore,
reportedly contains weaknesses in its implementation of the SSH
protocol, both versions 1 and 2. These weaknesses could allow an
attacker to sniff password lengths, and ranges of length (this could
make brute-force password guessing easier), determine whether RSA or
DSA authentication is being used, the number of authorized_keys in RSA
authentication and/or the length of shell commands.
See also :
Upgrade to OpenSSH 2.5.2 / 2.5.2p2 or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false