SSH Protocol Authentication Bypass (Remote Exploit Check)
Medium Nessus Plugin ID 118154
SynopsisThe remote server is vulnerable to an authentication bypass.
DescriptionThe remote ssh server is vulnerable to an authentication bypass. An attacker can bypass authentication by presenting SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST method that normally would initiate authentication.
Note: This vulnerability was disclosed in a libssh advisory but has also been observed as applicable to other applications and software packages.
SolutionUpgrade to libssh 0.7.6 / 0.8.4 or later, if applicable. Otherwise, contact your product vendor.