| VID |
14037 |
| Severity |
20 |
| Port |
22 |
| Protocol |
TCP |
| Class |
SSH |
| Detailed Description |
The F-Secure SSH server, according to its version number, is affected by a password authentication policy evasion vulnerability. A design error potentially allows a remote attacker to use password authentication even though the server policy disallows it. A remote attacker could use this vulnerability to mount a dictionary attack against the affected SSH server and eventually gain access to the server.
* Note: This check relied solely on the banner of the remote SSH server to assess this vulnerability, so this might be a false positive.
* Platforms Affected: F-Secure Corporation: F-Secure SSH prior to 3.1.0 build 9; Linux: Any version |
| Recommendation |
As a workaround, deny password authentication using the "RequiredAuthentications" configuration.
-- OR --
Upgrade to the latest version of F-Secure SSH (3.1.0 build 9 or later), available from the F-Secure Web site at http://www.f-secure.com/webclub/ssh/ |
| Related URL |
(CVE) |
| Related URL |
9824 (SecurityFocus) |
| Related URL |
(ISS) |
|