Lucene search
HistoryFeb 08, 2007 - 5:28 p.m.
CVE-2007-0844
security
pam_ssh
authentication
bypass
cve-2007-0844
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.6 Medium
AI Score
Confidence
Low
0.044 Low
EPSS
Percentile
92.5%
The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.
Affected configurations
Node
pam_sshpam_sshMatch1.91
| CPE | Name | Operator | Version |
|---|---|---|---|
| pam_ssh:pam_ssh | pam ssh | eq | 1.91 |
Related
ubuntucve
ubuntucve
CVE-2007-0844
2007-02-08 00:00:00
prion
prion
Authentication flaw
2007-02-08 17:28:00
openvas
openvas
Fedora Update for pam_ssh FEDORA-2007-1793
2009-02-27 00:00:00
Fedora Update for pam_ssh FEDORA-2007-1793
2009-02-27 00:00:00
nvd
nvd
CVE-2007-0844
2007-02-08 17:28:00
cvelist
cvelist
CVE-2007-0844
2007-02-08 17:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: pam_ssh-1.92-2.fc7
2007-08-24 05:44:36
securityvulns
securityvulns
pam_ssh allow_blank_passphrase protection bypass
2007-02-08 00:00:00
nessus
nessus
Fedora 7 : pam_ssh-1.92-2.fc7 (2007-1793)
2007-11-06 00:00:00
debiancve
debiancve
CVE-2007-0844
2007-02-08 17:28:00
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.6 Medium
AI Score
Confidence
Low
0.044 Low
EPSS
Percentile
92.5%
Related for CVE-2007-0844