A remotely exploitable authentication vulnerability exists in the SSH Communications Security SSH Secure Shell server, and possibly other SSH servers.
SSH is a program used to provide secure communications between hosts. Versions 3.0.0 - 3.1.1 of SSH Secure Shell for Servers does not properly enforce client authentication. As a result, an attacker can attempt to authenticate to an SSH server using password authentication.
There are two methods a client can use to authenticate to an SSH server. The first method is password authentication. This method is generally the easiest to set up, but the least secure. As long as the client has a valid username and password, they can gain access to the system running the SSH server. The second method is public key authentication. Public key authentication is one of the most secure methods to authenticate a user. For a client to gain access to a system using public key authentication, a copy of the client's public key must exist on the SSH server. The client must also have the private key in possession as well as the passphrase associated with the private key.
An attacker can attempt to authenticate to the vulnerable SSH server using password authentication, even if the server is configured to only allow public key authentication.
Apply a patch from your vendor or upgrade your software.
Use "RequiredAuthentications" keyword instead of "AllowedAuthentications" in sshd2_config:
The CERT/CC thanks SSH Communications Security for reporting this vulnerability to us.
This document was written by Ian A. Finlay.
|Date First Published:||2002-05-21|
|Date Last Updated:||2002-10-30 14:39 UTC|