FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSH -- PermitRootLogin may allow password connections with 'without-password'

Affected packages
openssh-portable = 7.0.p1,1

Details

VuXML ID 27fed73e-484f-11e5-825f-c80aa9043978
Discovery 2015-08-20
Entry 2015-08-21

OpenSSH 7.0 contained a logic error in PermitRootLogin= prohibit-password/without-password that could, depending on compile-time configuration, permit password authentication to root while preventing other forms of authentication. This problem was reported by Mantas Mikulenas.

[source]

References

URL http://www.openssh.com/txt/release-7.1

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.