PT-2012-6215 · Ssh+1 · Ssh Tectia Server+1
Kingcope · Published 2012-12-04 · Updated 2012-12-05 · CVE-2012-5975
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
SSH Tectia Server versions 6.0.4 through 6.0.20
SSH Tectia Server versions 6.1.0 through 6.1.12
SSH Tectia Server versions 6.2.0 through 6.2.5
SSH Tectia Server versions 6.3.0 through 6.3.2
Description
The issue allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords when old-style password authentication is enabled. This can be demonstrated by a root login session from a modified OpenSSH client.
Recommendations
For SSH Tectia Server versions 6.0.4 through 6.0.20, disable old-style password authentication to prevent exploitation.
For SSH Tectia Server versions 6.1.0 through 6.1.12, disable old-style password authentication to prevent exploitation.
For SSH Tectia Server versions 6.2.0 through 6.2.5, disable old-style password authentication to prevent exploitation.
For SSH Tectia Server versions 6.3.0 through 6.3.2, disable old-style password authentication to prevent exploitation.
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related identifiers
Affected products
Openssh
Ssh Tectia Server