Hacker @kingcope discovered critical vulnerability in Tectia SSH Server. Exploit working on SSH-2.0-188.8.131.52 SSH Tectia Server (Latest available version from www.tectia.com) that allow attacker to bypass Authentication remotely.
Description : An attacker in the possession of a valid username of an SSH Tectia installation running on UNIX (verified on AIX/Linux) can login without a password. The bug is in the “SSH USERAUTH CHANGE REQUEST” routines which are there to allow a user to change their password. A bug in the code allows an attacker to login without a password by forcing a password change request prior to authentication.
Download Exploit Code : Click Here
A default installation on Linux (version 184.108.40.206 of Tectia) is vulnerable to the attack. Eric Romang posted a Demo video on Youtube, hope you will like it :)
|Command Source : http://goo.gl/BHqWd|
Popular Deals From Our Store
Ethical Hacking Certification Training
Get Professional Ethical Hacking Certifications: CEH, CHFI, CISM, CISA, CISSP Trainings.
96% Off Get this Deal
Computer Hacking Forensic Investigation
Online Hands-on Training with Lifetime Access to Forensic Investigation Certification Classes.
98% Off Get this Deal