besides that i doubt on a server responding with "Permission denied
(publickey)" (means: no password auth) "The flaw exists due to the
auth_password function in 'auth-passwd.c' script does not limit password
lengths for password authentication" can be triggered
Fedora:
* Di Aug 09 2016 Jakub Jelen <[email protected]> - 7.2p2-12 + 0.10.2-3
- CVE-2016-6515: Denial of service via very long passwords (#1364936)
High (CVSS: 7.8)
NVT: OpenSSH 'auth_password' Denial of Service Vulnerability (Windows)
(OID: 1.3.6.1.4.1.25623.1.0.809121)
Product detection result: cpe:/a:openbsd:openssh:7.2 by SSH Server type
and version (OID: 1.3.6.1.4.1.25623.1.0.10267)
Summary
This host is installed with openssh and is prone to denial of service
vulnerability.
Vulnerability Detection Result
Installed version: 7.2
Fixed version: 7.3
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
