Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
pam_ssh空密码短语绕过认证限制漏洞
Vulnerability Description
pam_ssh是结合SSH密钥和SSH客户端使用的PAM模块,允许使用SSH密钥为UNIX提供登录服务。 pam_ssh的实现上存在漏洞,远程攻击者可能利用此漏洞获取非授权访问。 如果禁用了allow_blank_passphrase选项的话,pam_ssh的pam_ssh.c文件中的auth_via_key函数会无法正确地限制同空密码短语使用私钥。在提示输入密码短语时用户可以输入随机的非空短语绕过认证限制而使用空密码短语私钥。
CVSS Information
N/A
Vulnerability Type
N/A