Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0553 — Secure Shell vulnerability

3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.3%

top 42.82%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SSH Secure Shell

Timeline

PublishedAug 14

Latest updateApr 30

Description

SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDssh/secure_shell3.0.0

Patches

Patch: archives.neohapsis.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-4jrf-5jjq-9v28: SSH Secure Shell 3↗2022-04-30

▶

💥Exploits & PoCs

Exploit-DB

SSH2 3.0 - Short Password Login↗2001-07-21

▶