SSH.OpenSSH.PAM.Authentication.Bypass

Description

There is a vulnerability in the challenge authentication code of OpenSSH (3.7p1 and 3.7.1p1) when using the SSHv1 protocol and Pluggable Authentication Modules (PAM). An attacker can bypass user authentication.

Affected Products

OpenSSH 3.7.1p1
OpenSSH 3.7p1

Impact

This vulnerability could permit a remote attacker to log in to the system as any user, potentially including root, without using a password.

Recommended Actions

The bug was fixed in 3.7.2. Upgrade to the latest version or use SSHv2.
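To check whether a host meets the three preconditions in the description (affected release, SSHv1 offered, PAM in use), the following added example, which is not part of the original advisory, reads a server banner and an sshd_config. It assumes the `Protocol` and `UsePAM` keywords control SSHv1 and PAM, and the sample banner and configuration are constructed.

```python
import re

AFFECTED = {"3.7p1", "3.7.1p1"}  # releases listed as affected on this page

def parse_banner(banner):
    """Split 'SSH-1.99-OpenSSH_3.7.1p1' into (protocol, openssh_version)."""
    m = re.match(r"SSH-(\d+\.\d+)-OpenSSH_(\S+)", banner.strip())
    return (m.group(1), m.group(2)) if m else (None, None)

def parse_sshd_config(text):
    """Keyword map of an sshd_config; the first value seen for a keyword wins."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip().lower())
    return opts

def assess(banner, config_text):
    """Return the three preconditions named in the advisory plus a verdict."""
    proto, version = parse_banner(banner)
    opts = parse_sshd_config(config_text)
    affected = version in AFFECTED
    if "protocol" in opts:
        sshv1 = "1" in [p.strip() for p in opts["protocol"].split(",")]
    else:
        # No directive: fall back to the banner. 1.x (including 1.99) means v1 is offered.
        sshv1 = bool(proto) and proto.startswith("1.")
    # Assumption: an absent UsePAM is treated as enabled, the cautious reading.
    pam = opts.get("usepam", "yes") != "no"
    return {"affected_version": affected, "sshv1_offered": sshv1,
            "pam_enabled": pam, "exposed": affected and sshv1 and pam}

# Constructed sample input, not taken from a real host.
SAMPLE_BANNER = "SSH-1.99-OpenSSH_3.7.1p1"
SAMPLE_CONFIG = """\
# constructed example
Protocol 2,1
UsePAM yes
"""

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONFIG))
```

A result with `exposed` set to false because `sshv1_offered` is false corresponds to the "use SSHv2" action above; upgrading clears `affected_version` instead.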

Coverage

IPS (Regular DB)
IPS (Extended DB)