CVE-2002-1646 - Unspecified vulnerability in SSH Secure Shell for Servers
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for the server.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Nessus
NASL family | Misc. |
NASL id | SSH_ALLOWEDAUTHENTICATIONS.NASL |
description | The remote host is running a version of SSH that is older than 3.1.2 and newer or equal to 3.0.0. There is a vulnerability in this release that may, under some circumstances, allow users to authenticate using a password whereas it is not explicitly listed as a valid authentication mechanism. An attacker may use this flaw to attempt to brute-force a password using a dictionary attack (if the passwords used are weak). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10965 |
published | 2002-05-24 |
reporter | This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/10965 |
title | SSH 3 AllowedAuthentications Remote Bypass |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-05/0204.html
- http://www.ciac.org/ciac/bulletins/m-081.shtml
- http://www.kb.cert.org/vuls/id/341187
- http://www.securityfocus.com/bid/4810
- http://www.ssh.com/company/newsroom/article/201/
- http://www.ssh.com/products/ssh/advisories/authentication.cfm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9163