---------------------------------------------------------------------------- OpenBSD Security Advisory February 8, 2001 Authentication By-Pass Vulnerability in OpenSSH-2.3.1 ---------------------------------------------------------------------------- SYNOPSIS OpenSSH-2.3.1, a development snapshot, only checked if a public key for public key authentication was permitted. In the protocol 2 part of the server, the challenge-response step that ensures that the connecting client is in possession of the corresponding private key has been omitted. As a result, anyone who could obtain the public key listed in the users authorized_keys file could log in as that user without authentication. A fix for this problem was committed on Februrary 8th. The problem was introduced on January 18th. This is a three week time window. ---------------------------------------------------------------------------- AFFECTED SYSTEMS This vulnerability affects only OpenSSH version 2.3.1 with support for protocol 2 enabled. The latest official release OpenSSH 2.3.0 is not affected by this problem. The latest snapshot version OpenSSH 2.3.2 is not affected either. ---------------------------------------------------------------------------- RESOLUTION If you installed the OpenSSH 2.3.1 development snapshot, install the latest snapshot. Currently, the latest snapshot is OpenSSH 2.3.2 which is available via http://www.openssh.com/. ----------------------------------------------------------------------------