Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2002-2018 Tenable Network Security, Inc.SSH_ALLOWEDAUTHENTICATIONS.NASL
HistoryMay 24, 2002 - 12:00 a.m.

SSH 3 AllowedAuthentications Remote Bypass

2002-05-2400:00:00
This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
www.tenable.com
18
JSON

The remote host is running a version of SSH that is older than 3.1.2 and newer or equal to 3.0.0.

There is a vulnerability in this release that may, under some circumstances, allow users to authenticate using a password whereas it is not explicitly listed as a valid authentication mechanism.

An attacker may use this flaw to attempt to brute-force a password using a dictionary attack (if the passwords used are weak).

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(10965);
 script_version ("1.24");
 script_cve_id("CVE-2002-1646");
 script_bugtraq_id(4810);

 script_name(english:"SSH 3 AllowedAuthentications Remote Bypass");

 script_set_attribute(attribute:"synopsis", value:
"The remote SSH server may accept password-based authentications even
when not explicitely enabled." );
 script_set_attribute(attribute:"description", value:
"The remote host is running a version of SSH that is older than 3.1.2
and newer or equal to 3.0.0.

There is a vulnerability in this release that may, under some
circumstances, allow users to authenticate using a password whereas it
is not explicitly listed as a valid authentication mechanism.

An attacker may use this flaw to attempt to brute-force a password
using a dictionary attack (if the passwords used are weak)." );
 script_set_attribute(attribute:"solution", value:
"Upgrade to version 3.1.2 of SSH, which solves this problem." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value: "2002/05/24");
 script_set_attribute(attribute:"vuln_publication_date", value: "2002/05/24");
 script_cvs_date("Date: 2018/07/30 15:31:32");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();


 script_summary(english:"Checks for the remote SSH version");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.");
 script_family(english:"Misc.");
 script_dependencie("ssh_detect.nasl");
 script_require_ports("Services/ssh", 22);
 exit(0);
}

#
# The script code starts here
#
include("backport.inc");

port = get_kb_item("Services/ssh");
if(!port)port = 22;

banner = get_kb_item("SSH/banner/" + port);
if ( ! banner ) exit(0);
banner = tolower(get_backport_banner(banner:banner));


if("openssh" >< banner)exit(0);
if("f-secure" >< banner)exit(0);
if("mpSSH" >< banner)exit(0);
if("Sun_SSH" >< banner)exit(0);

if(ereg(pattern:"SSH[-_](3\.(0\.[0-9]+)|(1\.[01])[^0-9]*)$", string:banner))
	security_note(port);

Related

cve 1
cve
cve
CVE-2002-1646
2002-12-31 05:00:00
JSON
Related for SSH_ALLOWEDAUTHENTICATIONS.NASL
cve1