OpenSSH < 4.0 known_hosts Plaintext Host Information Disclosure

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

The remote SSH server is affected by an information disclosure

Description :

According to its banner, the remote host is running a version of
OpenSSH prior to 4.0. Versions of OpenSSH earlier than 4.0 are
affected by an information disclosure vulnerability because the
application stores hostnames, IP addresses, and keys in plaintext in
the 'known_hosts' file. A local attacker, exploiting this flaw, could
gain access to sensitive information that could be used in subsequent

See also :

Solution :

Upgrade to OpenSSH 4.0 or later.

Risk factor :

Low / CVSS Base Score : 1.2

Family: Misc.

Nessus Plugin ID: 44075 ()

Bugtraq ID:

CVE ID: CVE-2005-2666

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now