
SSH < 3.1.2 AllowedAuthentications Remote Bypass (deprecated)

Low

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host is running a version of the SSH daemon older than 3.1.2 or equal to 3.0.0. A vulnerability in this release may, under some circumstances, allow users to authenticate with a password even though password authentication is not explicitly listed as a valid authentication mechanism. An attacker may use this flaw to brute-force a password with a dictionary attack (if the password used is weak).

Solution

Upgrade to SSH 3.1.2 or higher.