SSH 3 AllowedAuthentications Remote Bypass

Low Nessus Plugin ID 10965


The remote SSH server may accept password-based authentication even when it is not explicitly enabled.


The remote host is running a version of SSH that is 3.0.0 or newer but older than 3.1.2.

There is a vulnerability in this release that may, under some circumstances, allow users to authenticate using a password even though password authentication is not explicitly listed as a valid authentication mechanism.

An attacker may use this flaw to attempt to brute-force a password using a dictionary attack (if the passwords used are weak).


Upgrade to version 3.1.2 of SSH, which solves this problem.

Plugin Details

Severity: Low

ID: 10965

File Name: ssh_AllowedAuthentications.nasl

Version: $Revision: 1.23 $

Type: remote

Family: Misc.

Published: 2002/05/24

Modified: 2013/12/04

Dependencies: 10267

Risk Information

Risk Factor: Low


Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2002/05/24

Reference Information

CVE: CVE-2002-1646

BID: 4810

OSVDB: 18238