CVE-2012-6066

freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.

Published: Dec 5, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-6066
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
freesshd / freesshd	1.2.1	1.2.1.x
freesshd / freesshd	-	1.2.6.x
freesshd / freesshd	1.2.2	1.2.2.x

http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0012.html

Vulnerability Database

290,020

CVE-2012-6066