Lucene search

[email protected]CVE-2012-5975

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-5975

2022-10-0316:15:31

CWE-287

[email protected]

web.nvd.nist.gov

cve-2012-5975

ssh

tectia server

authentication bypass

unix

linux

password authentication

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.601 Medium

EPSS

Percentile

97.8%

JSON

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.

Affected configurations

NVD

Node

sshtectia_serverMatch6.0.4

sshtectia_serverMatch6.0.5

sshtectia_serverMatch6.0.6

sshtectia_serverMatch6.0.7

sshtectia_serverMatch6.0.8

sshtectia_serverMatch6.0.9

sshtectia_serverMatch6.0.10

sshtectia_serverMatch6.0.11

sshtectia_serverMatch6.0.12

sshtectia_serverMatch6.0.13

sshtectia_serverMatch6.0.14

sshtectia_serverMatch6.0.17

sshtectia_serverMatch6.0.18

sshtectia_serverMatch6.0.19

sshtectia_serverMatch6.0.20.

sshtectia_serverMatch6.1.0

sshtectia_serverMatch6.1.1

sshtectia_serverMatch6.1.2

sshtectia_serverMatch6.1.3

sshtectia_serverMatch6.1.4

sshtectia_serverMatch6.1.5

sshtectia_serverMatch6.1.6

sshtectia_serverMatch6.1.7

sshtectia_serverMatch6.1.8

sshtectia_serverMatch6.1.9

sshtectia_serverMatch6.1.12

sshtectia_serverMatch6.2.0

sshtectia_serverMatch6.2.1

sshtectia_serverMatch6.2.2

sshtectia_serverMatch6.2.3

sshtectia_serverMatch6.2.4

sshtectia_serverMatch6.2.5

sshtectia_serverMatch6.3.0

sshtectia_serverMatch6.3.1

sshtectia_serverMatch6.3.2

AND

linuxlinux_kernel

CPENameOperatorVersion
ssh:tectia_serverssh tectia servereq6.0.4
ssh:tectia_serverssh tectia servereq6.0.5
ssh:tectia_serverssh tectia servereq6.0.6
ssh:tectia_serverssh tectia servereq6.0.7
ssh:tectia_serverssh tectia servereq6.0.8
ssh:tectia_serverssh tectia servereq6.0.9
ssh:tectia_serverssh tectia servereq6.0.10
ssh:tectia_serverssh tectia servereq6.0.11
ssh:tectia_serverssh tectia servereq6.0.12
ssh:tectia_serverssh tectia servereq6.0.13

CPE	Name	Operator	Version
ssh:tectia_server	ssh tectia server	eq	6.0.4
ssh:tectia_server	ssh tectia server	eq	6.0.5
ssh:tectia_server	ssh tectia server	eq	6.0.6
ssh:tectia_server	ssh tectia server	eq	6.0.7
ssh:tectia_server	ssh tectia server	eq	6.0.8
ssh:tectia_server	ssh tectia server	eq	6.0.9
ssh:tectia_server	ssh tectia server	eq	6.0.10
ssh:tectia_server	ssh tectia server	eq	6.0.11
ssh:tectia_server	ssh tectia server	eq	6.0.12
ssh:tectia_server	ssh tectia server	eq	6.0.13

Rows per page:

1-10 of 351

References

archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html

archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html

www.exploit-db.com/exploits/23082/

github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.601 Medium

EPSS

Percentile

97.8%

JSON

Related for CVE-2012-5975

nvd1 nessus1 cvelist1 prion1