CVE-2002-1646

SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for the server.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2002-05/0204.html	Patch
http://www.ciac.org/ciac/bulletins/m-081.shtml
http://www.kb.cert.org/vuls/id/341187	US Government Resource
http://www.securityfocus.com/bid/4810	Patch
http://www.ssh.com/company/newsroom/article/201/
http://www.ssh.com/products/ssh/advisories/authentication.cfm	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/9163

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ssh:secure_shell_for_servers:3.0:::::::*
	cpe:2.3:a:ssh:secure_shell_for_servers:3.0.1:::::::*
	cpe:2.3:a:ssh:secure_shell_for_servers:3.1:::::::*
	cpe:2.3:a:ssh:secure_shell_for_servers:3.1.1:::::::*

History

No history.

Information

Published : 2002-12-31 05:00

Updated : 2024-02-28 10:24

NVD link : CVE-2002-1646

Mitre link : CVE-2002-1646

CVE.ORG link : CVE-2002-1646

JSON object : View

Products Affected

ssh

secure_shell_for_servers

CWE

NVD-CWE-Other

{"id": "CVE-2002-1646", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2002-12-31T05:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0204.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ciac.org/ciac/bulletins/m-081.shtml", "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/341187", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4810", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ssh.com/company/newsroom/article/201/", "source": "cve@mitre.org"}, {"url": "http://www.ssh.com/products/ssh/advisories/authentication.cfm", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9163", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for the server."}], "lastModified": "2017-07-11T01:29:18.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ssh:secure_shell_for_servers:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A1AD6B7-A164-49CD-A882-12C5D484CE9F"}, {"criteria": "cpe:2.3:a:ssh:secure_shell_for_servers:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B20DF45-5EC3-4771-A589-B7264152BB7C"}, {"criteria": "cpe:2.3:a:ssh:secure_shell_for_servers:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89B02880-2593-4071-B2E4-5AFC462A8CF5"}, {"criteria": "cpe:2.3:a:ssh:secure_shell_for_servers:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "361B7BE0-4779-4692-8D7B-1B940E58BFA0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}