Vulnerability Details CVE-2002-1646
SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to override the AllowedAuthentications configuration and use less secure authentication schemes (e.g. password) than configured for the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 81.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://archives.neohapsis.com/archives/bugtraq/2002-05/0204.html
- http://www.ciac.org/ciac/bulletins/m-081.shtml
- http://www.kb.cert.org/vuls/id/341187
- http://www.securityfocus.com/bid/4810
- http://www.ssh.com/company/newsroom/article/201/
- http://www.ssh.com/products/ssh/advisories/authentication.cfm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9163
- http://archives.neohapsis.com/archives/bugtraq/2002-05/0204.html
- http://www.ciac.org/ciac/bulletins/m-081.shtml
- http://www.kb.cert.org/vuls/id/341187
- http://www.securityfocus.com/bid/4810
- http://www.ssh.com/company/newsroom/article/201/
- http://www.ssh.com/products/ssh/advisories/authentication.cfm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9163
Products affected by CVE-2002-1646
-
cpe:2.3:a:ssh:secure_shell_for_servers:3.0
-
cpe:2.3:a:ssh:secure_shell_for_servers:3.0.1
-
cpe:2.3:a:ssh:secure_shell_for_servers:3.1
-
cpe:2.3:a:ssh:secure_shell_for_servers:3.1.1