Authentication Bypass

2019-01-1509:21:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.048 Low

EPSS

Percentile

92.7%

JSON

paramiko is vulnerable to authentication bypass attacks. The vulnerability exists as the SSH server implementation of paramiko processes requests without waiting for the completion of authentication. This allows attackers to use a customized SSH client that skips authentication and continue its unauthenticated session.

CPENameOperatorVersion
python-paramikoeq2.1.1__3.el7
python-paramikoeq2.1.1__2.el7ae
python-paramikoeq1.15.1__2.el7ost
python-paramikoeq2.1.1__2.el7
python-paramikoeq1.15.1__1.el7
python-paramikoeq1.7.5__2.1.el6
python-paramikoeq1.11.3__1.el7ost
python-paramikoeq1.15.2__1.el7
python-paramikoeq2.0.0__1.0.el7ost
python-paramikoeq2.1.1__1.el7

Name	Operator	Version
python-paramiko	eq	2.1.1__3.el7
python-paramiko	eq	2.1.1__2.el7ae
python-paramiko	eq	1.15.1__2.el7ost
python-paramiko	eq	2.1.1__2.el7
python-paramiko	eq	1.15.1__1.el7
python-paramiko	eq	1.7.5__2.1.el6
python-paramiko	eq	1.11.3__1.el7ost
python-paramiko	eq	1.15.2__1.el7
python-paramiko	eq	2.0.0__1.0.el7ost
python-paramiko	eq	2.1.1__1.el7