Vulnerability Name: CVE-2001-1585 (CCN-6084)
Assigned: 2001-02-08
Published: 2001-02-08
Updated: 2017-07-29
Summary: SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-287
Vulnerability Consequences: Gain Access
References:
- Source: BUGTRAQ Type: UNKNOWN 20010208 Authentication By-Pass Vulnerability in OpenSSH-2.3.1 (devel snapshot)
- Source: MITRE Type: CNA CVE-2001-1585
- Source: BID Type: Patch 2356
- Source: CCN Type: OpenBSD Security Advisory Authentication By-Pass Vulnerability in OpenSSH-2.3.1
- Source: CONFIRM Type: Patch http://www.openbsd.org/advisories/ssh_bypass.txt
- Source: CCN Type: OpenSSH Web site *NEW*OpenSSH 2.3.0 released Nov 6, 2000.
- Source: CCN Type: OSVDB ID: 504 OpenSSH SSHv2 Public Key Authentication Bypass
- Source: CCN Type: BID-2356 OpenSSH Private Key Authentication Check Vulnerability
- Source: XF Type: UNKNOWN openssh-bypass-authentication(6084)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: