What is the severity of CVE-2001-1476?

CVE-2001-1476 is considered to have a moderate severity rating due to the potential for password guessing.

How do I fix CVE-2001-1476?

To fix CVE-2001-1476, it is recommended to upgrade to a version of SSH that is more secure and does not have this vulnerability.

Which versions of SSH are affected by CVE-2001-1476?

CVE-2001-1476 affects SSH versions 1.2.24 through 1.2.31.

What happens if I leave CVE-2001-1476 unaddressed?

Leaving CVE-2001-1476 unaddressed may allow attackers to replay user sessions and guess passwords.

Is it safe to use SSH with RC4 encryption after CVE-2001-1476?

Using SSH with RC4 encryption is risky after CVE-2001-1476, as it may expose your passwords to vulnerabilities.

Vulnerability/
CVE-2001-1476

high

7.5

CWE

NVD-CWE-Other

18/1/2001

21/4/2005

8/8/2024

CVE-2001-1476

First published: Thu Jan 18 2001(Updated: )

SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
SSH (Secure Shell)	=1.2.24
SSH (Secure Shell)	=1.2.25
SSH (Secure Shell)	=1.2.26
SSH (Secure Shell)	=1.2.27
SSH (Secure Shell)	=1.2.28
SSH (Secure Shell)	=1.2.29
SSH (Secure Shell)	=1.2.30
SSH (Secure Shell)	=1.2.31

Remedy

http://www.kb.cert.org/vuls/id/565052

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2001-1476?
CVE-2001-1476 is considered to have a moderate severity rating due to the potential for password guessing.
How do I fix CVE-2001-1476?
To fix CVE-2001-1476, it is recommended to upgrade to a version of SSH that is more secure and does not have this vulnerability.
Which versions of SSH are affected by CVE-2001-1476?
CVE-2001-1476 affects SSH versions 1.2.24 through 1.2.31.
What happens if I leave CVE-2001-1476 unaddressed?
Leaving CVE-2001-1476 unaddressed may allow attackers to replay user sessions and guess passwords.
Is it safe to use SSH with RC4 encryption after CVE-2001-1476?
Using SSH with RC4 encryption is risky after CVE-2001-1476, as it may expose your passwords to vulnerabilities.

agent/references
agent/type
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/last-modified-date
agent/description
agent/author
agent/severity
agent/weakness
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/ssh
canonical/ssh (secure shell)
version/ssh (secure shell)/1.2.24
version/ssh (secure shell)/1.2.25
version/ssh (secure shell)/1.2.26
version/ssh (secure shell)/1.2.27
version/ssh (secure shell)/1.2.28
version/ssh (secure shell)/1.2.29
version/ssh (secure shell)/1.2.30
version/ssh (secure shell)/1.2.31

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.