OpenSSH Trivial Authentication Attack

Description

OpenSSH Trivial Authentication Attack

CWE

290

CVE

36368

Attack Surfaces

Interactive Device (MITRE EMB3D PID-33)

Authenticated Services (MITRE EMB3D PID-332)

Authenticated Sessions (MITRE EMB3D PID-3322)

Attack Vectors

Weak Cryptographic Protocol (MITRE EMB3D TID-411)

Defenses

Fix Authentication Misconfiguration, Modify OpenSSH "None Authentication" Options by Implementing Agent Restrictions