OSVDB ID: 586 Title: SSH Two Character Password Open Access |
Info |
|
|
Dates |
||||
|
|
Description |
Ssh.com's SSH Communications software contains a flaw that may allow a malicious user to log in to any account with a short password without needing to authenticate. The issue is triggered when the account has a password that is two characters or shorter. It is possible that the flaw may allow improper logins, resulting in a loss of confidentiality. |
Classification |
Location:
Local Access Required,
Remote/Network Access Required
Attack Type: Authentication Management, Input Manipulation, Misconfiguration Impact: Loss of Confidentiality Exploit: Exploit Available Disclosure: OSVDB Verified |
Solution |
Upgrade to version 3.0.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Apply the vendor-supplied patch. Disable password authentication and use another supported form of authentication (public key, SecurID, Kerberos, certificates, Smart Cards, host-based). Limit access to the sshd2 daemon to users with entries in the /etc/passwd and /etc/shadow which exceed two characters, by using the AllowUsers, AllowGroups, DenyUsers, and DenyGroups keywords in the /etc/ssh2/sshd2_config file. Assign a valid password of more than two characters for each account. Assigning a password to some system accounts can cause problems on some operating systems, so this workaround is not recommended by the vendor. SSH Secure Shell 3.0.0 on any Unix or Linux system that uses crypt() for password encryption is vulnerable. This includes most Unix and Linux systems. SSH Secure Shell 2.3 and SSH Secure Shell 2.4 on HP-UX 10.20 and HP-UX 11.00 systems running in TCB mode are also vulerable. Any operating system that does not use the crypt() hash function for password encryption is not vulnerable. |
Products |
|
References |
Credit |
|
yale.edu - Yale University