OpenSSH 5.3 Detection Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

7

OpenSSH 5.3 Detection Scanner Detail

OpenSSH 5.3 is vulnerable to username enumeration and DoS vulnerabilities.

Versions of OpenSSH server before 5.7 may be affected by the following vulnerabilities :

  • A security bypass vulnerability because OpenSSH does not properly validate the public parameters in the J-PAKE protocol. This could allow an attacker to authenticate without the shared secret. Note that this issue is only exploitable when OpenSSH is built with J-PAKE support, which is currently experimental and disabled by default. (CVE-2010-4478)
  • The auth_parse options function in auth-options.c in sshd provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages. (CVE-2012-0841)

Some Advice for Common Problems

Upgrade to OpenSSH version 5.7 or later.

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service