OpenSSH -- PermitRootLogin may allow password connections with 'without-password'

2015-08-20T00:00:00
ID 27FED73E-484F-11E5-825F-C80AA9043978
Type freebsd
Reporter FreeBSD
Modified 2015-08-20T00:00:00

Description

OpenSSH 7.0 contained a logic error in PermitRootLogin= prohibit-password/without-password that could, depending on compile-time configuration, permit password authentication to root while preventing other forms of authentication. This problem was reported by Mantas Mikulenas.