0.137 Low
EPSS
Percentile
95.7%
libssh versions 0.6 and above have an authentication bypass vulnerability in
the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message
in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect
to initiate authentication, the attacker could successfully authenticate
without any credentials. [1]
0.137 Low
EPSS
Percentile
95.7%