CVE-2012-5975

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ssh:tectia_server:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.10:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.11:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.12:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.13:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.14:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.17:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.18:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.19:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.0.20.:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.1.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.1.5:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.1.6:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.1.7:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.1.8:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.1.9:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.1.12:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.2.5:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.3.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:tectia_server:6.3.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:45

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html - () http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html -
References () http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html - () http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html -
References () http://www.exploit-db.com/exploits/23082/ - () http://www.exploit-db.com/exploits/23082/ -
References () https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb - Exploit () https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb - Exploit

Information

Published : 2012-12-04 23:55

Updated : 2024-11-21 01:45


NVD link : CVE-2012-5975

Mitre link : CVE-2012-5975

CVE.ORG link : CVE-2012-5975


JSON object : View

Products Affected

linux

  • linux_kernel

ssh

  • tectia_server
CWE
CWE-287

Improper Authentication