SSH password weakness

Added: 01/05/2011
CVE: CVE-1999-0502


Passwords are the most commonly used method of authenticating users to a server. The combination of a login name and password is used to verify the identity of a user requesting access, and to determine what parts of the server the user has permission to access.


Administrators often set up new user accounts with no password or with a default password which is easy to guess. Additionally, some users may choose a simple password which is easy to remember. Null passwords and passwords that are very similar to the login name are an easy way for attackers to gain access to the system.


Protect all accounts with a password that cannot be guessed. Require users to choose passwords which are eight charactes long, including numeric and non-alphanumeric characters, and which are not based on the login name or any other personal information about the user.



The target must be running the ssh service in order for the exploit to succeed.

The OpenSSH client must be installed on the SAINTexploit host.



Back to exploit index