Vendor: Tectia Server
By: Kingcope
CVSS: 7.5 (HIGH)
Authentication Bypass
CWE: 287
Product Name: Tectia Server
Affected Version From: 6.0.11.5
Affected Version To: 6.1.9.95
Patch Exists: YES
Related CWE: N/A
CPE: a:ssh:tectia_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: UNIX (AIX/Linux)
2006

SSH Tectia Remote Authentication Bypass

An attacker in possession of a valid username on an SSH Tectia installation running on UNIX (verified: AIX/Linux) can log in without a password. The bug is in the SSH USERAUTH CHANGE REQUEST routines, which exist to allow a user to change their password. A bug in this code allows an attacker to log in without a password by forcing a password change request prior to authentication.

Mitigation:

Upgrade to the latest version of SSH Tectia Server.

Exploit-DB raw data: