SSH Secure-RPC Weak Encrypted Authentication Key Recovery (deprecated)

Low Nessus Network Monitor Plugin ID 1976

Synopsis

The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.

Description

The remote host is running SSH Communications Security's SSH 1.2.27 to 1.2.30. When Secure-RPC is used, these versions may allow a local attacker to recover the SUN-DES-1 magic phrase generated by another user and use it to decrypt that user's private key file.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: Low

ID: 1976

Family: SSH

Published: 2004/08/20

Modified: 2016/02/05

Dependencies: 1967, 3059

Nessus ID: 11340

Risk Information

Risk Factor: Low

CVSSv2

Base Score: 2.6

Temporal Score: 2.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 3.6

Temporal Score: 3.3

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2001-0259

BID: 2222