Tectia SSH Server Authentication Bypass

critical Nessus Network Monitor Plugin ID 6642

Synopsis

The remote SSH server is vulnerable to an authentication bypass vulnerability

Description

Version of Tectia SSH server earlier than 6.3.3 / 6.2.6 / 6.1.13 / 6.0.20 are vulnerable. A remote, unauthenticated attacker can bypass authentication by sending a specially crafted request, allowing the attackerto authenticate as root.

The software is only vulnerable when running on Unix or Unix-like operating systems.

Solution

Upgrade to Tectia SSH server 6.3.3 / 6.2.6 / 6.1.13 / 6.0.20. Additionally one can disable password authentication in the ssh-server-config.xml configuration file (this file needs to be created if it does not already exists)

See Also

http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html

http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html

Plugin Details

Severity: Critical

ID: 6642

Family: SSH

Published: 12/6/2009

Updated: 3/6/2019

Nessus ID: 63156

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ssh:tectia_server

Patch Publication Date: 12/5/2009

Vulnerability Publication Date: 12/1/2012

Exploitable With

Metasploit (unix/ssh/tectia_passwd_changereq.rb)

Reference Information

CVE: CVE-2012-5975

BID: 56783