
SSH Communications Secure Shell Server AllowedAuthentications Configuration Overriding Vulnerability

Secure Shell is the commercial SSH implementation distributed and maintained by SSH Communications. It is available for the Unix, Linux, and Microsoft Windows platforms.

Under some circumstances, a remote user may be able to bypass the "AllowedAuthentications" setting specified in the server configuration. This could allow the user to authenticate by a different or weaker means, such as a password. Where stronger authentication protocols are in place but system user accounts have been secured with weak passwords, an attacker may be able to gain access to the system using the weak password rather than the strong authentication scheme.







 

Copyright 2008, SecurityFocus