CVE Details for CVE: CVE-2002-1646
Summary
SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for the server.
| Timestamps | |
|---|---|
| Last major update | 11-07-2017 - 01:29 |
| Published | 31-12-2002 - 05:00 |
| Last modified | 11-07-2017 - 01:29 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-05/0204.html
- http://www.ssh.com/products/ssh/advisories/authentication.cfm
- http://www.kb.cert.org/vuls/id/341187
- http://www.securityfocus.com/bid/4810
- http://www.ciac.org/ciac/bulletins/m-081.shtml
- http://www.ssh.com/company/newsroom/article/201/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9163
Vulnerable Configurations
-
cpe:2.3:a:ssh:secure_shell_for_servers:3.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:secure_shell_for_servers:3.0:*:*:*:*:*:*:*
-
cpe:2.3:a:ssh:secure_shell_for_servers:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:secure_shell_for_servers:3.0.1:*:*:*:*:*:*:*
-
cpe:2.3:a:ssh:secure_shell_for_servers:3.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:secure_shell_for_servers:3.1:*:*:*:*:*:*:*
-
cpe:2.3:a:ssh:secure_shell_for_servers:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:secure_shell_for_servers:3.1.1:*:*:*:*:*:*:*
CWE
CVSS
Base
7.5
Impact
6.4
Exploitability
10.0
Access
| Vector | Complexity | Authentication |
|---|---|---|
| NETWORK | LOW | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| PARTIAL | PARTIAL | PARTIAL |
CVSS3
None