Описание
SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not.
Ссылки
- ExploitPatchUS Government Resource
- ExploitPatchUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ssh:ssh:1.2.24:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.25:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.26:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.27:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.28:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.29:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.30:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.31:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00356
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not.
EPSS
Процентиль: 57%
0.00356
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other