Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SSH Tectia Server 安全绕过漏洞
Vulnerability Description
SSH Tectia Server是商业性质的SSH服务器平台,适用于多种银行、保险等企业。 基于UNIX和Linux系统上的SSH Tectia Server 6.0.4至6.0.20、6.1.0至6.1.12、6.2.0至6.2.5以及6.3.0至6.3.2版本中的‘SSH USERAUTH CHANGE REQUEST’函数中存在漏洞。当old-style密码身份验证启用时,通过包含空密码条目的特制会话(如来自修改OpenSSH客户端带有添加sshconnect2.c中的‘input_useraut
CVSS Information
N/A
Vulnerability Type
N/A