SSH Short Password Login Vulnerability

An input validation error exists in version 3.0.0 of the SSH daemon (sshd) running on Unix platforms.

It may be possible for remote users to log in to accounts for which there are two or less characters in the password field of the system password file. Due to the nature of the problem, it may be possible to log in to a vulnerable system using such an account with any password. This may lead to further system compromise.


 

Privacy Statement
Copyright 2010, SecurityFocus