OpenSSH S/KEY Authentication Account Enumeration

Medium Nessus Plugin ID 17704


The remote host is affected by an information disclosure vulnerability.


When OpenSSH has S/KEY authentication enabled, it is possible to remotely determine if an account configured for S/KEY authentication exists.

Note that Nessus has not attempted to exploit the issue but has instead only checked if OpenSSH is running on the remote host. As a result, it will not detect if the remote host has implemented a workaround.


A patch currently does not exist for this issue. As a workaround, either set 'ChallengeResponseAuthentication' in the OpenSSH config to 'no' or use a version of OpenSSH without S/KEY support compiled in.
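Because the plugin only checks that OpenSSH is running, confirming the workaround means reading the effective sshd configuration rather than trusting the scan result. The following shell script is an added example, not part of the Nessus plugin or of OpenSSH: it reports the effective 'ChallengeResponseAuthentication' value from an sshd_config file (constructed sample files inline), applying sshd's rule that the first value found for a keyword wins and that a missing keyword means the default 'yes'.

```shell
#!/bin/sh
# Added example (not Nessus or OpenSSH code): report the effective
# ChallengeResponseAuthentication value from an sshd_config file.
# sshd uses the FIRST value it finds for a keyword; later duplicates are
# ignored, and a missing keyword falls back to the default "yes".
# Keyword matching is case-insensitive; comments and blank lines are skipped.
# Assumes the "Keyword value" form (not "Keyword=value").
effective_cra() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        tolower($1) == "challengeresponseauthentication" && !found {
            found = 1; val = tolower($2)
        }
        END { print (found ? val : "yes") }
    ' "$1"
}

# Returns 0 when the workaround (value "no") is in effect, 1 otherwise.
skey_workaround_applied() {
    [ "$(effective_cra "$1")" = "no" ]
}

# Constructed sample configs for demonstration.
tmp=$(mktemp -d)
printf 'Port 22\nChallengeResponseAuthentication no\n' > "$tmp/hardened"
# Duplicate directive: the first one ("yes") wins, so the later "no" does not help.
printf 'ChallengeResponseAuthentication yes\nChallengeResponseAuthentication no\n' > "$tmp/dup"
# Directive absent: sshd falls back to the default "yes".
printf 'Port 22\nPasswordAuthentication no\n' > "$tmp/absent"

for f in hardened dup absent; do
    if skey_workaround_applied "$tmp/$f"; then
        echo "$f: ChallengeResponseAuthentication=no (workaround applied)"
    else
        echo "$f: effective value $(effective_cra "$tmp/$f") (still exposed)"
    fi
done
rm -rf "$tmp"
```

On a live host, run the check against the file sshd actually loads (normally /etc/ssh/sshd_config) and remember that the setting only takes effect after sshd is reloaded.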

Plugin Details

Severity: Medium

ID: 17704

File Name: openssh_challenge_response.nasl

Version: $Revision: 1.4 $

Type: remote

Family: Misc.

Published: 2011/11/18

Modified: 2016/05/12

Dependencies: 10267

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Required KB Items: Settings/PCI_DSS

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2007/04/21

Reference Information

CVE: CVE-2007-2243

BID: 23601

OSVDB: 34600

CWE: 287