Severity: Unknown
Affected Package: pam_ssh
Summary: pam_ssh authentication bypass with unencrypted SSH private keys
The OpenSSL private key decryption call used by pam_ssh ignores the passphrase argument when the key is not encrypted. If pam_ssh is enabled, an attacker can authenticate against accounts that have an unencrypted SSH private key by submitting any arbitrary passphrase, gaining unauthorized access. No CVE was assigned by FreeBSD for this advisory.
No specific recommendations provided.
Aliases:
Published: December 23, 2011
Last Modified: December 23, 2011