Red Hat Bugzilla – Bug 430487
CVE-2007-0844 pam_ssh permits authentication with arbitrary string if a passphrase-less key exists
Last modified: 2010-12-22 15:54:28 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-0844 to the following vulnerability:
The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.
But we are already >= 1.92?...
Bug was created to track this issue outside of Fedora. Removing your email
address from CC list.
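The CVE description above depends on a passphrase-less private key being present, so one defensive check is to audit key files for missing passphrase protection. The following is an added example, not code from pam_ssh or from this bug report; the function names and sample keys are hypothetical and constructed, and it also covers the OpenSSH and PKCS#8 containers in addition to legacy PEM.

```python
import base64
import binascii
import re
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"
LEGACY_LABELS = {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"}

def has_passphrase(pem_text):
    """True if the key is encrypted, False if not, None if unrecognised."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines() if ln.strip()]
    m = re.fullmatch(r"-----BEGIN ([A-Z0-9 ]+)-----", lines[0]) if lines else None
    if m is None:
        return None
    label, inner = m.group(1), lines[1:-1]
    if label == "ENCRYPTED PRIVATE KEY":   # PKCS#8, encrypted
        return True
    if label == "PRIVATE KEY":             # PKCS#8, plaintext
        return False
    if label in LEGACY_LABELS:             # legacy PEM announces encryption in a header
        return any(ln.replace(" ", "") == "Proc-Type:4,ENCRYPTED" for ln in inner)
    if label == "OPENSSH PRIVATE KEY":     # magic, then length-prefixed cipher name
        try:
            blob = base64.b64decode("".join(inner), validate=True)
        except (binascii.Error, ValueError):
            return None
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            return None
        (n,) = struct.unpack(">I", blob[off:off + 4])
        cipher = blob[off + 4:off + 4 + n]
        return None if len(cipher) != n else cipher != b"none"
    return None

def unprotected_keys(files):
    """Names of key files (name -> text) that need no passphrase."""
    return sorted(name for name, text in files.items() if has_passphrase(text) is False)

def _openssh_sample(cipher):
    # Constructed header-only blob (magic + cipher name), not a usable key.
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed samples; the legacy bodies are placeholders, not key material.
SAMPLES = {
    "id_rsa_plain": "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "id_rsa_enc": ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                   "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\nAAAA\n"
                   "-----END RSA PRIVATE KEY-----\n"),
    "id_ed25519_plain": _openssh_sample(b"none"),
    "id_ed25519_enc": _openssh_sample(b"aes256-ctr"),
}
```

Files reported by `unprotected_keys` are the ones that matter on hosts running pam_ssh before 1.92 with `allow_blank_passphrase` disabled.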