Authentication By-Pass Vulnerability in OpenSSH-2.3.1 (devel snapshot)

Type securityvulns
Reporter Securityvulns
Modified 2001-02-10T00:00:00


Please, check for a full summary of security related issues in OpenSSH.

                    OpenBSD Security Advisory

                        February 8, 2001

         Authentication By-Pass Vulnerability in OpenSSH-2.3.1


OpenSSH-2.3.1, a development snapshot, only checked if a public key for public key authentication was permitted. In the protocol 2 part of the server, the challenge-response step that ensures that the connecting client is in possession of the corresponding private key has been omitted. As a result, anyone who could obtain the public key listed in the users authorized_keys file could log in as that user without authentication.

A fix for this problem was committed on Februrary 8th. The problem was introduced on January 18th. This is a three week time window.


This vulnerability affects only OpenSSH version 2.3.1 with support for protocol 2 enabled. The latest official release OpenSSH 2.3.0 is not affected by this problem. The latest snapshot version OpenSSH 2.3.2 is not affected either.


If you installed the OpenSSH 2.3.1 development snapshot, install the latest snapshot. Currently, the latest snapshot is OpenSSH 2.3.2 which is available via