[NTLUG:Discuss] Hole found in SSH remote access software for Unix

Richard Geoffrion richard at rain.lewisville.tx.us
Sat Jul 14 11:25:04 CDT 2001


oh yeah (long A sound)  just what we need...

http://iwsun4.infoworld.com/articles/hn/xml/01/07/24/010724hnssh.xml?0724alert

<snip>
Hole found in SSH remote access software for Unix

By Joris Evers
July 24, 2001 8:06 am PT


A FLAW IN SSH Secure Shell 3.0.0 remote access software for Unix could allow
attackers to gain full control over servers and workstations running various
flavors of Unix, software maker SSH Communications Security warned Monday.

The problem lies in the software's password authentication. Accounts with
passwords that consist of two or fewer characters can be accessed without
entering a password at all, SSH said in a statement on its Web site.

Such a short password isn't likely for a regular user account, but is common
for several administrative accounts used to manage specific parts of the
server. These accounts, which are installed by default when the operating
system is installed, have standard log-in names and passwords and are
normally only accessible locally.
</snip>
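
An added audit sketch, not part of the original post or the quoted article: it lists accounts whose stored password field in a shadow-format file is two or fewer characters (placeholders such as `*`, `NP` or `!!`), together with each account's login shell. It assumes the condition the article describes applies to that stored field, which the excerpt does not spell out; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# audit_short_fields SHADOW_FILE PASSWD_FILE
# Prints "name<TAB>kind<TAB>shell" for every account whose password field
# in the shadow-format file is 0-2 characters long. Run it against copies
# of the files rather than the live ones where possible.
audit_short_fields() {
    awk -F: '
        FNR == NR { shell[$1] = $7; next }   # first file (passwd): remember login shell
        /^#/ || NF < 2 { next }              # shadow: skip comments and malformed lines
        length($2) <= 2 {
            kind = (length($2) == 0) ? "empty" : "short"
            sh = ($1 in shell) ? shell[$1] : "?"
            printf "%s\t%s\t%s\n", $1, kind, sh
        }
    ' "$2" "$1"
}

# Constructed sample data (not taken from any real system).
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/bin/sh
lp:x:4:7:lp:/var/spool/lpd:/bin/sh
alice:x:1000:1000::/home/alice:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:$1$constructed$notARealHashValue000000:11500:0:99999:7:::
bin:*:11500:0:99999:7:::
daemon:NP:11500::::::
lp:!!:11500::::::
alice:$1$constructed$notARealHashValue111111:11500:0:99999:7:::
EOF
}

# Demo run on the constructed files.
d=$(mktemp -d) && write_samples "$d" && audit_short_fields "$d/shadow" "$d/passwd"
rm -rf "$d"
```

Accounts reported with a real login shell are the ones to review first; a short placeholder field normally means "locked", so any of them being reachable over the network is the unexpected case.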



