Pam_ssh Blank Passphrase Restriction Authentication Bypass Vulnerability

Bugtraq ID:	22461
Class:	Design Error
CVE:	CVE-2007-0844
Remote:	Yes
Local:	No
Published:	Nov 07 2006 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	Rob Henderson is credited with the discovery of this vulnerability.
Vulnerable:
Not Vulnerable:	pam_ssh pam_ssh 1.92

Pam_ssh Blank Passphrase Restriction Authentication Bypass Vulnerability

Pam_ssh is prone to a vulnerability that allows attackers to bypass the authentication restrictions on built-in blank passphrases.

The application intends to restrict users from authenticating with blank passwords on their private key. This restriction can be bypassed, however, by issuing a non-blank password as input when authenticating using a key with a blank passphrase.

Pam_ssh version 1.91 is vulnerable.

Pam_ssh Blank Passphrase Restriction Authentication Bypass Vulnerability

An attacker can exploit this issue using ssh client software.

Pam_ssh Blank Passphrase Restriction Authentication Bypass Vulnerability

Solution:
The vendor has released version 1.92 to address this issue; please see the references for details.

Pam_ssh Blank Passphrase Restriction Authentication Bypass Vulnerability

References:

• pam_ssh 1.92 changelog (pam_ssh)
  
• pam_ssh Homepage (pam_ssh)