ssh vulnerabilities and exploits

7.5
CVSSv2
CVE-2001-1473

The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's...

2.1
CVSSv2
CVE-1999-0787

The SSH authentication agent follows symlinks via a UNIX domain socket....

Ssh
5
CVSSv2
CVE-2001-1474

SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache....

7.5
CVSSv2
CVE-1999-0013

Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user....

5
CVSSv2
CVE-2017-1000245

The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file....

7.5
CVSSv2
CVE-2001-1476

SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether...

7.5
CVSSv2
CVE-2001-0471

SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute force attack....

Ssh
7.5
CVSSv2
CVE-1999-0310

SSH 1.2.25 on HP-UX allows access to new user accounts....

5
CVSSv2
CVE-2001-1470

The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic redundancy check (CRC) to match the modifications to the message....

3.6
CVSSv2
CVE-2001-0259

ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file....

Ssh