PT-2007-2287 · Pam Ssh · Pam Ssh

Published: 2007-02-08 · Updated: 2011-03-08 · CVE-2007-0844

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: pam_ssh versions prior to 1.92
Description: The issue allows remote attackers to bypass authentication restrictions and use private encryption keys that require a blank passphrase, even when the allow_blank_passphrase option is disabled. This is possible by entering a non-blank passphrase in the auth_via_key function.
Recommendations: For versions prior to 1.92, update to version 1.92 or later to resolve the issue. As a temporary workaround, consider enabling the allow_blank_passphrase option to restrict the use of private encryption keys with blank passphrases.

Fix


Related identifiers

CVE-2007-0844

Affected products

Pam Ssh