SSH.OpenSSH.PAM.Authentication.Bypass
Description
There is a vulnerability in the challenge authentication code of OpenSSH (3.7p1 and 3.7.1 p1) when the SSHv1 protocol is used together with Pluggable Authentication Modules (PAM). An attacker can bypass user authentication.
Affected Products
OpenSSH OpenSSH 3.7.1 p1
OpenSSH OpenSSH 3.7 p1
Impact
This vulnerability could permit a remote attacker to log in to the system as any user, potentially including root, without using a password.
Recommended Actions
The bug was fixed in 3.7.2. Upgrade to the latest version or use SSHv2.
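An added example, not part of the original advisory or of OpenSSH: a Python check that flags a host as exposed only when the conditions in the description coincide (affected release, SSHv1 offered, PAM enabled). The function names, sample banners and config text are constructed, and the fallback values for `Protocol` and `UsePAM` are assumptions about this release line.

```python
import re

# Affected portable releases as listed on this page.
AFFECTED = {"3.7p1", "3.7.1p1"}
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-OpenSSH_(\S+)")

def parse_banner(banner):
    """Return (offers_sshv1, openssh_version) from an SSH identification string."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    proto, version = m.groups()
    # Protocol version 1.5 is SSHv1 only, 1.99 is SSHv1 plus SSHv2, 2.0 is SSHv2 only.
    return proto.startswith("1."), version

def parse_sshd_config(text):
    """Keep the first value seen for each keyword, as sshd does."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def is_exposed(banner, config_text):
    """True only if the release is affected, SSHv1 is enabled and PAM is on."""
    parsed = parse_banner(banner)
    if parsed is None:
        return False
    offers_v1, version = parsed
    cfg = parse_sshd_config(config_text)
    # Assumed defaults when a keyword is absent: Protocol 2,1 and UsePAM no.
    protocols = {p.strip() for p in cfg.get("protocol", "2,1").split(",")}
    use_pam = cfg.get("usepam", "no").lower() == "yes"
    return version in AFFECTED and offers_v1 and "1" in protocols and use_pam

if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real host.
    samples = [
        ("SSH-1.99-OpenSSH_3.7.1p1", "Protocol 2,1\nUsePAM yes\n"),
        ("SSH-2.0-OpenSSH_3.7.1p1", "Protocol 2\nUsePAM yes\n"),
    ]
    for banner, cfg in samples:
        print(banner, "exposed" if is_exposed(banner, cfg) else "not exposed")
```

A host that reports `SSH-2.0` with `Protocol 2` in its configuration matches the "use SSHv2" mitigation and is reported as not exposed even on an affected release.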
Coverage
IPS (Regular DB)
IPS (Extended DB)