OpenSSH < 4.0 known_hosts Plaintext Host Information Disclosure
Low Nessus Plugin ID 44075
The remote SSH server is affected by an information disclosure vulnerability.
According to its banner, the remote host is running a version of OpenSSH prior to 4.0. Versions of OpenSSH earlier than 4.0 are affected by an information disclosure vulnerability because the application stores hostnames, IP addresses, and keys in plaintext in the 'known_hosts' file. A local attacker, exploiting this flaw, could gain access to sensitive information that could be used in subsequent attacks.