PT-2001-2566 · Openssh · Ssh

Published: 2001-01-18 · Updated: 2017-07-11 · CVE-2001-1476

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SSH versions prior to 2.0

Description

The issue makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications. This is possible when RC4 encryption is used and the "disallow NULL passwords" option is enabled, triggering different messages depending on whether the guess is correct or not.

Recommendations

For SSH versions prior to 2.0, consider disabling RC4 encryption and the "disallow NULL passwords" option as a temporary workaround until a patch is available. Restrict access to minimize the risk of exploitation.

Exploit

Fix


Related identifiers

CVE-2001-1476

Affected products

Ssh