SSH with Kerberos NFS Share Ticket Disclosure
Low Nessus Plugin ID 10472
SynopsisThe remote SSH server does not properly protect the kerberos tickets of the users.
DescriptionThe remote host is running a version of SSH which is older than (or as old as) version 1.2.27.
There is a flaw in the remote version of this software which allows an attacker to eavesdrop the kerberos tickets of legitimate users of this service, as sshd will set their environment variable KRB5CCNAME to 'none' when they log in. As a result, kerberos tickets will be stored in the current working directory of the user, as 'none'.
In certain cases, this may allow an attacker to obtain the tickets.
SolutionUpgrade to the newest version of SSH.