SSH < 3.1.2 AllowedAuthentications Remote Bypass

Low

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host is running a version of the SSH daemon older than 3.1.2 or equal to 3.0.0. A vulnerability in this release may, under some circumstances, allow users to authenticate with a password even though password authentication is not explicitly listed as a valid authentication mechanism. An attacker may use this flaw to brute-force a password with a dictionary attack (if the password used is weak).

Solution

Upgrade to SSH 3.1.2 or higher.