
Tectia SSH Server Authentication Bypass

Synopsis

The remote SSH server is affected by an authentication bypass vulnerability.

Description

Versions of Tectia SSH Server earlier than 6.3.3 / 6.2.6 / 6.1.13 / 6.0.20 are vulnerable. A remote, unauthenticated attacker can bypass authentication by sending a specially crafted request, allowing the attacker to authenticate as root.

The software is only vulnerable when running on Unix or Unix-like operating systems.

Solution

Upgrade to Tectia SSH Server 6.3.3 / 6.2.6 / 6.1.13 / 6.0.20. Additionally, password authentication can be disabled in the ssh-server-config.xml configuration file (this file needs to be created if it does not already exist).
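The following inventory check is an added example, not part of the original advisory or of any vendor tooling. It assumes each fixed release listed above applies to its own major.minor branch, reports versions on any other branch as "unknown" instead of guessing, and uses constructed host names and version strings.

```python
# Added example: only the four fixed releases come from the advisory text.
# The per-branch mapping and the "unknown" handling are assumptions.
FIXED_PATCH = {(6, 3): 3, (6, 2): 6, (6, 1): 13, (6, 0): 20}


def parse_version(text):
    """Return (major, minor, patch) from '6.1.12' or '6.1.12.95' (build ignored)."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts[:3])


def assess(version, unix_like=True):
    """Classify one server as vulnerable, fixed, not_affected or unknown."""
    major, minor, patch = parse_version(version)
    if not unix_like:
        # The advisory limits the issue to Unix and Unix-like systems.
        return "not_affected"
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        # Branch not named in the advisory: flag for manual review.
        return "unknown"
    # Compare as integers so that 6.0.9 sorts before 6.0.20.
    return "vulnerable" if patch < fixed else "fixed"


def triage(inventory):
    """Return host names that need an upgrade or a manual check."""
    return [host for host, version, unix_like in inventory
            if assess(version, unix_like) in ("vulnerable", "unknown")]


# Constructed sample inventory: (host, reported version, runs on Unix-like OS)
SAMPLE_INVENTORY = [
    ("bastion-01", "6.1.12", True),
    ("bastion-02", "6.1.13", True),
    ("sftp-01", "6.0.9", True),
    ("win-jump-01", "6.2.1", False),
    ("lab-01", "6.4.1", True),
]

if __name__ == "__main__":
    for host, version, unix_like in SAMPLE_INVENTORY:
        print(host, version, assess(version, unix_like))
```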