Lucene search
HistoryFeb 08, 2007 - 5:28 p.m.
CVE-2007-0844
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.8
Confidence
Low
EPSS
0.044
Percentile
92.4%
The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.
Affected configurations
Node
pam_sshpam_sshMatch1.91
Related
prion
prion
Authentication flaw
2007-02-08 17:28:00
ubuntucve
ubuntucve
CVE-2007-0844
2007-02-08 00:00:00
openvas
openvas
Fedora Update for pam_ssh FEDORA-2007-1793
2009-02-27 00:00:00
Fedora Update for pam_ssh FEDORA-2007-1793
2009-02-27 00:00:00
securityvulns
securityvulns
pam_ssh allow_blank_passphrase protection bypass
2007-02-08 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: pam_ssh-1.92-2.fc7
2007-08-24 05:44:36
cvelist
cvelist
CVE-2007-0844
2007-02-08 17:00:00
nessus
nessus
Fedora 7 : pam_ssh-1.92-2.fc7 (2007-1793)
2007-11-06 00:00:00
debiancve
debiancve
CVE-2007-0844
2007-02-08 17:28:00
cve
cve
CVE-2007-0844
2007-02-08 17:28:00
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.8
Confidence
Low
EPSS
0.044
Percentile
92.4%
Related for NVD:CVE-2007-0844