Test ID:	1.3.6.1.4.1.25623.1.0.10965
Category:	Gain a shell remotely
Title:	SSH 3 AllowedAuthentication
Summary:	NOSUMMARY
Description:	Description: You are running a version of SSH which is older than 3.1.2 and newer or equal to 3.0.0. There is a vulnerability in this release that may, under some circumstances, allow users to authenticate using a password whereas it is not explicitly listed as a valid authentication mechanism. An attacker may use this flaw to attempt to brute force a password using a dictionary attack (if the passwords used are weak). Solution : Upgrade to version 3.1.2 of SSH which solves this problem. Risk factor : Low
Cross-Ref:	BugTraq ID: 4810 Common Vulnerability Exposure (CVE) ID: CVE-2002-1646 http://www.securityfocus.com/bid/4810 Bugtraq: 20020523 [Fwd: Updated version of SSH Secure Shell available] (Google Search) http://archives.neohapsis.com/archives/bugtraq/2002-05/0204.html CERT/CC vulnerability note: VU#341187 http://www.kb.cert.org/vuls/id/341187 Computer Incident Advisory Center Bulletin: M-081 http://www.ciac.org/ciac/bulletins/m-081.shtml XForce ISS Database: ssh-allowedauthentications-bypass-auth(9163) https://exchange.xforce.ibmcloud.com/vulnerabilities/9163
Copyright	This script is Copyright (C) 2002 Renaud Deraison

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.