CVE-2012-5975

SSH Tectia Server - Authentication Bypass

Title source: rule

Description

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremoteunix

https://www.exploit-db.com/exploits/23156

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by kingcope · textremotelinux

https://www.exploit-db.com/exploits/23082

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by kingcope, bperry, sinn3r · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb

View Code ZIP pw:eip

References (4)

[Third Party Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0013.html

[Third Party Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0065.html

[Exploit] https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ssh/tectia_passwd_changereq.rb

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/23082/

Scores

EPSS 0.2575

EPSS Percentile 96.3%

Details

CWE

CWE-287

Status published

Products (35)

ssh/tectia_server 6.0.4

ssh/tectia_server 6.0.5

ssh/tectia_server 6.0.6

ssh/tectia_server 6.0.7

ssh/tectia_server 6.0.8

ssh/tectia_server 6.0.9

ssh/tectia_server 6.0.10

ssh/tectia_server 6.0.11

ssh/tectia_server 6.0.12

ssh/tectia_server 6.0.13

... and 25 more

Published Dec 04, 2012

Tracked Since Feb 18, 2026