Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-5975Improper Authentication in Tectia Server

CWE-287Improper Authentication5 documents4 sources
Severity
9.3CRITICALNVD
EPSS
25.7%
top 3.74%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SSH Tectia Server
Timeline
PublishedDec 4
Latest updateMay 17

Description

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDssh/tectia_server35 versions+34

🔴Vulnerability Details

2
GHSA
GHSA-rg8f-w58v-jv6v: The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 62022-05-17
CVEList
CVE-2012-5975: The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 62012-12-04

💥Exploits & PoCs

2
Exploit-DB
(SSH.com Communications) SSH Tectia - USERAUTH Change Request Password Reset (Metasploit)2012-12-05
Exploit-DB
(SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Remote Authentication Bypass2012-12-02
CVE-2012-5975 — Improper Authentication | cvebase