OpenSSH SSHFP Record Verification Weakness

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.

Synopsis :

A secure shell client on the remote host could be used to bypass host
verification methods.

Description :

According to its banner, the version of OpenSSH running on the remote
host is 6.1 through 6.6.

It is, therefore, affected by a host verification bypass vulnerability
related to SSHFP and certificates that could allow a malicious SSH
server to cause the supplied client to inappropriately trust the

Solution :

Update to OpenSSH version 6.7 or later, or apply the vendor patch.
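
The banner-based check in the Description can be reproduced for triage as follows. This is an added example, not the plugin's own code; the status labels, function names and sample banners are constructed for illustration. It also separates out distribution builds, since a vendor patch can fix the issue without changing the version in the banner.

```python
import re

# Affected range as stated in the Description: OpenSSH 6.1 through 6.6 (fixed in 6.7).
AFFECTED_MIN, AFFECTED_MAX = (6, 1), (6, 6)

# SSH identification string: SSH-<proto>-<software>[ <comment>]
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[\d.]+)-OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?P<rest>\S*)(?: (?P<comment>.*))?$"
)

def classify_banner(banner):
    """Return (status, (major, minor) or None) for one identification string."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return ("unparsed", None)  # not OpenSSH, or a format this regex does not cover
    version = (int(m["major"]), int(m["minor"]))
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return ("outside-range", version)
    # A trailing comment usually marks a distribution package, which may carry
    # a backported fix: confirm against the installed package, not the banner.
    if m["comment"]:
        return ("in-range-verify-package", version)
    return ("in-range", version)

def triage(banners):
    """Group banners by status so in-range hosts can be reviewed first."""
    groups = {}
    for b in banners:
        status, _ = classify_banner(b)
        groups.setdefault(status, []).append(b)
    return groups

# Constructed sample banners (not taken from any real host).
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2",
    "SSH-2.0-OpenSSH_6.2",
    "SSH-2.0-OpenSSH_6.7p1 Debian-5",
    "SSH-2.0-OpenSSH_6.0p1",
    "SSH-2.0-dropbear_2014.63",
]

if __name__ == "__main__":
    for status, items in triage(SAMPLE_BANNERS).items():
        print(status, items)
```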

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 78655

Bugtraq ID: 66459

CVE ID: CVE-2014-2653
