PT-2001-1755 · Ssh · Ssh Secure Shell

Published

2001-08-14

Updated

2017-10-10

CVE-2001-0553

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: SSH Secure Shell version 3.0.0

Description: The issue concerns improper password authentication to the sshd2 daemon, allowing local users to gain access to certain accounts. Specifically, it affects accounts with short password fields, such as locked accounts that use "NP" in the password field.

Recommendations: For SSH Secure Shell version 3.0.0, consider updating the password authentication mechanism to properly handle short password fields, or restrict access to locked accounts until a proper fix is applied. As a temporary workaround, avoid using short password fields, especially "NP" in locked accounts, to minimize the risk of unauthorized access.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0553

Affected Products

Ssh Secure Shell

PT-2001-1755 · Ssh · Ssh Secure Shell

CVE-2001-0553

Related Identifiers

Affected Products

References · 9