CVE-2012-6066

Published: Dec 4, 2012Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.

Affected (3)

Products: Freesshd: Freesshd

Freesshd

1 product

Freesshd

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Freesshd Freesshd	Up to 1.2.6
Freesshd Freesshd	Version 1.2.1
Freesshd Freesshd	Version 1.2.2

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0012.html

Source: cve@mitre.org

http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0012.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.