Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2012-5975

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.

  • Published: Dec 5, 2012
  • Updated: Apr 13, 2023
  • CVE: CVE-2012-5975
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 9.3
  • AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

OWASP TOP 10:

Software From Fixed in
ssh / tectia_server 6.0.4 6.0.4.x
ssh / tectia_server 6.0.5 6.0.5.x
ssh / tectia_server 6.0.6 6.0.6.x
ssh / tectia_server 6.0.7 6.0.7.x
ssh / tectia_server 6.0.8 6.0.8.x
ssh / tectia_server 6.0.9 6.0.9.x
ssh / tectia_server 6.0.10 6.0.10.x
ssh / tectia_server 6.0.11 6.0.11.x
ssh / tectia_server 6.0.12 6.0.12.x
ssh / tectia_server 6.0.13 6.0.13.x
ssh / tectia_server 6.0.14 6.0.14.x
ssh / tectia_server 6.0.17 6.0.17.x
ssh / tectia_server 6.0.18 6.0.18.x
ssh / tectia_server 6.0.19 6.0.19.x
ssh / tectia_server 6.0.20. 6.0.20..x
ssh / tectia_server 6.1.0 6.1.0.x
ssh / tectia_server 6.1.1 6.1.1.x
ssh / tectia_server 6.1.2 6.1.2.x
ssh / tectia_server 6.1.3 6.1.3.x
ssh / tectia_server 6.1.4 6.1.4.x
ssh / tectia_server 6.1.5 6.1.5.x
ssh / tectia_server 6.1.6 6.1.6.x
ssh / tectia_server 6.1.7 6.1.7.x
ssh / tectia_server 6.1.8 6.1.8.x
ssh / tectia_server 6.1.9 6.1.9.x
ssh / tectia_server 6.1.12 6.1.12.x
ssh / tectia_server 6.2.0 6.2.0.x
ssh / tectia_server 6.2.1 6.2.1.x
ssh / tectia_server 6.2.2 6.2.2.x
ssh / tectia_server 6.2.3 6.2.3.x
ssh / tectia_server 6.2.4 6.2.4.x
ssh / tectia_server 6.2.5 6.2.5.x
ssh / tectia_server 6.3.0 6.3.0.x
ssh / tectia_server 6.3.1 6.3.1.x
ssh / tectia_server 6.3.2 6.3.2.x