PT-2001-2669 · Openssh+1 · Openssh+1

Publicado

2001-12-31

Atualizado

2024-07-08

CVE-2001-1585

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenSSH version 2.3.1

Description The issue concerns the SSH protocol 2 public key authentication in OpenSSH, which does not perform a challenge-response step to verify that the client has the proper private key. This allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized keys file.

Recommendations For OpenSSH version 2.3.1, consider disabling public key authentication until a patch is available, and restrict access to the authorized keys file to minimize the risk of exploitation.

Exploit

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

ALT-PU-2024-3921

ALT-PU-2024-4077

ALT-PU-2024-4467

ALT-PU-2024-9513

CVE-2001-1585

Produtos afetados

Alt Linux

Openssh

PT-2001-2669 · Openssh+1 · Openssh+1

CVE-2001-1585

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 354