PT-2001-2669 · Openssh+1 · Openssh+1

Published: 2001-12-31 · Updated: 2024-07-08 · CVE-2001-1585

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: OpenSSH version 2.3.1

Description: The issue concerns the SSH protocol 2 public key authentication in OpenSSH, which does not perform a challenge-response step to verify that the client has the proper private key. This allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized keys file.

Recommendations: For OpenSSH version 2.3.1, consider disabling public key authentication until a patch is available, and restrict access to the authorized keys file to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-9513
CVE-2001-1585

Affected Products

Alt Linux
Openssh