Vendor: FreeSSHD
By: Kingcope
CVSS: 7.5 HIGH
Authentication Bypass
CWE: 287
Product Name: FreeSSHD
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: Yes
Related CWE: N/A
CPE: a:freesshd:freesshd
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2011
FreeSSHD all version Remote Authentication Bypass ZERODAY
All versions of FreeSSHD are vulnerable to a remote authentication bypass. The vulnerability was discovered and exploited by Kingcope in 2011. To exploit it, an attacker can use the ssh.exe command with a valid username and the host. Valid usernames can include root, admin, administrator, webadmin, sysadmin, netadmin, guest, user, web, test, ssh, sftp, ftp, or anything else the attacker can imagine. The vulnerable banner of the most recent version is SSH-2.0-WeOnlyDo 2.1.3.
Mitigation:
Users should upgrade to the latest version of FreeSSHD to mitigate this vulnerability.