dropbear is vulnerable to improper access control. The vulnerability exists due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code which allows an attacker to abuse a forwarded agent for logging on to another server.