CVE-2002-1646

critical

Description

SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for the server.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/9163

http://www.ssh.com/products/ssh/advisories/authentication.cfm

http://www.ssh.com/company/newsroom/article/201/

http://www.securityfocus.com/bid/4810

http://www.kb.cert.org/vuls/id/341187

http://www.ciac.org/ciac/bulletins/m-081.shtml

http://archives.neohapsis.com/archives/bugtraq/2002-05/0204.html

Details

Source: Mitre, NVD

Published: 2002-12-31

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01976

Detections

Analytics