This script is Copyright (C) 2016 Tenable Network Security, Inc.
The SSH server running on the remote host is affected by multiple
According to its banner, the version of OpenSSH running on the remote
host is prior to 7.3. It is, therefore, affected by multiple
- A flaw exists that is due to the program returning
shorter response times for authentication requests with
overly long passwords for invalid users than for valid
users. This may allow a remote attacker to conduct a
timing attack and enumerate valid usernames.
- A denial of service vulnerability exists in the
auth_password() function in auth-passwd.c due to a
failure to limit password lengths for password
authentication. An unauthenticated, remote attacker can
exploit this, via a long string, to consume excessive
CPU resources, resulting in a denial of service
- An unspecified flaw exists in the CBC padding oracle
countermeasures that allows an unauthenticated, remote
attacker to conduct a timing attack. (VulnDB 142343)
- A flaw exists due to improper operation ordering of MAC
verification for Encrypt-then-MAC (EtM) mode transport
MAC algorithms when verifying the MAC before decrypting
any ciphertext. An unauthenticated, remote attacker can
exploit this, via a timing attack, to disclose sensitive
information. (VulnDB 142344)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
See also :
Upgrade to OpenSSH version 7.3 or later.
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true