QwikSec

Security Database

CVE

CWE

Training

CVE-2012-5975

Published: Dec 4, 2012

Modified: Sep 17, 2024

PUBLISHED

Description

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

exploit

x_refsource_EXPLOIT-DB

20121203 Re: SSH.com Communications SSH Tectia Authentication Bypass Remote Zeroday Exploit (king cope)

mailing-list

x_refsource_FULLDISC

20121201 SSH.com Communications SSH Tectia Authentication Bypass Remote Zeroday Exploit

mailing-list

x_refsource_FULLDISC

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.