Computer Security
[EN] securityvulns.ru no-pyccku


pam_ssh allow_blank_passphrase protection bypass
Published:08.02.2007
Source:
SecurityVulns ID:7204
Type:library
Threat Level:
5/10
Description:The allow_blank_passphrase option was defeatable by entering a random but non-blank passphrase.
Affected:PAMSSH : pam_ssh 1.91
CVE:CVE-2007-0844 (The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod