[Home] [Credit Search] [Category Browser] [Staff Roll Call] The LINUX.COM Article Archive
Originally Published: Wednesday, 15 December 1999 Author: Quentin Cregan
Published to: news_enhance_security/Security News Page: 1/1 - [Std View]

sshd1 allows server to use unencrypted sessions.

[BugTraq]: "While working on OpenSSH I discovered the following defect in ssh-1.2.27, OpenSSH and other related implementations of SSH1: A malicious ssh-client can force a server to use the so called cipher "none" even if the server-policy does not permit this."



Originally published on Linux.com. Released under the Open Content License unless otherwise stated. Notify Gareth Watts of any errors or copyright violations.