
Tectia SSH Server Authentication Bypass

Critical

Synopsis

The remote SSH server is affected by an authentication bypass vulnerability.

Description

Versions of Tectia SSH server earlier than 6.3.3 / 6.2.6 / 6.1.13 / 6.0.20 are vulnerable. A remote, unauthenticated attacker can bypass authentication by sending a specially crafted request, allowing the attacker to authenticate as root.

The software is only vulnerable when running on Unix or Unix-like operating systems.

Solution

Upgrade to Tectia SSH server 6.3.3 / 6.2.6 / 6.1.13 / 6.0.20. Additionally, password authentication can be disabled in the ssh-server-config.xml configuration file (this file needs to be created if it does not already exist).
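
The following is an added example, not part of the original advisory or any vendor tooling: a small triage script that checks an asset inventory against the per-branch fixed releases listed above. The inventory rows, host names, platform labels and the treatment of branches the advisory does not list are assumptions made for illustration.

```python
# Fixed release for each maintenance branch, as listed in the advisory.
FIXED = {(6, 0): (6, 0, 20), (6, 1): (6, 1, 13), (6, 2): (6, 2, 6), (6, 3): (6, 3, 3)}
# Assumed inventory labels for the Unix and Unix-like platforms the advisory covers.
UNIX_LIKE = {"linux", "solaris", "aix", "hp-ux", "unix"}

def parse_version(text):
    """Return (major, minor, patch) as integers; a trailing build number is ignored."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts[:3])

def assess(version, os_family):
    """Classify one server as vulnerable, fixed, platform-not-affected or unknown."""
    if os_family.strip().lower() not in UNIX_LIKE:
        return "platform-not-affected"
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"
    fixed = FIXED.get(v[:2])
    if fixed is None:
        # Assumption: a branch the advisory does not list is judged against the
        # oldest fixed release, so 5.x counts as earlier and 6.4+ as later.
        fixed = min(FIXED.values())
    # Integer tuples compare numerically, so 6.1.9 sorts before 6.1.13.
    return "vulnerable" if v < fixed else "fixed"

def needs_attention(inventory):
    """Return (host, status) pairs for servers that are vulnerable or unparseable."""
    results = [(host, assess(ver, os_family)) for host, ver, os_family in inventory]
    return [(host, status) for host, status in results
            if status in ("vulnerable", "unknown")]

# Constructed sample inventory: (host, reported server version, platform label).
INVENTORY = [
    ("ssh-a.example", "6.1.9", "Linux"),
    ("ssh-b.example", "6.1.13", "Solaris"),
    ("ssh-c.example", "6.3.2.45", "AIX"),
    ("ssh-d.example", "6.0.19", "Windows"),
    ("ssh-e.example", "n/a", "Linux"),
]

if __name__ == "__main__":
    for host, status in needs_attention(INVENTORY):
        print(f"{host}: {status}")
```

Hosts reported as unknown have a version string the script could not parse and should be checked by hand.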