PT-2012-6215 · Ssh+1 · Ssh Tectia Server+1
Kingcope · Published 2012-12-04 · Updated 2012-12-05
CVE-2012-5975
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
SSH Tectia Server versions 6.0.4 through 6.0.20
SSH Tectia Server versions 6.1.0 through 6.1.12
SSH Tectia Server versions 6.2.0 through 6.2.5
SSH Tectia Server versions 6.3.0 through 6.3.2
Description
The issue allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords when old-style password authentication is enabled. This can be demonstrated by a root login session from a modified OpenSSH client.
Recommendations
For SSH Tectia Server versions 6.0.4 through 6.0.20, disable old-style password authentication to prevent exploitation.
For SSH Tectia Server versions 6.1.0 through 6.1.12, disable old-style password authentication to prevent exploitation.
For SSH Tectia Server versions 6.2.0 through 6.2.5, disable old-style password authentication to prevent exploitation.
For SSH Tectia Server versions 6.3.0 through 6.3.2, disable old-style password authentication to prevent exploitation.
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Openssh
Ssh Tectia Server