OpenSSH 2.3.1 SSHv2 Public Key Authentication Bypass

High Nessus Plugin ID 10608


The remote host has an application that is affected by an authentication bypass vulnerability.


According to its banner, the remote host is running OpenSSH 2.3.1.

This version is vulnerable to a flaw that allows any attacker who can obtain the public key of a valid SSH user to log into this host without any authentication.


Upgrade to OpenSSH 2.3.2.

Plugin Details

Severity: High

ID: 10608

File Name: openssh_231.nasl

Version: $Revision: 1.25 $

Type: remote

Family: Misc.

Published: 2001/02/09

Modified: 2012/06/19

Dependencies: 10267

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2001/02/08

Reference Information

CVE: CVE-2001-1585

BID: 2356

OSVDB: 504

CWE: 287