CVE-2012-5975

SSH Tectia Server - Authentication Bypass

Title source: rule

Description

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.

Exploits (3)

metasploit WORKING POC EXCELLENT

by kingcope, bperry, sinn3r · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremoteunix

https://www.exploit-db.com/exploits/23156

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by kingcope · textremotelinux

https://www.exploit-db.com/exploits/23082

View Code ZIP pw:eip

References (4)

[Third Party Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html

[Third Party Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html

[Exploit] https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/23082/

Scores

EPSS 0.2575

EPSS Percentile 96.1%

Classification

CWE

CWE-287

Status draft

Affected Products (35)

ssh/tectia_server

ssh/tectia_server

ssh/tectia_server

ssh/tectia_server

ssh/tectia_server

ssh/tectia_server

ssh/tectia_server

ssh/tectia_server

ssh/tectia_server

ssh/tectia_server

ssh/tectia_server

ssh/tectia_server

ssh/tectia_server

ssh/tectia_server

ssh/tectia_server

... and 20 more

Timeline

Published Dec 04, 2012

Tracked Since Feb 18, 2026