VYPR
Unrated severityNVD Advisory· Published Dec 31, 2001· Updated Jun 16, 2026

CVE-2001-1585

CVE-2001-1585

Description

SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • OpenBSD/OpenSSH2 versions
    cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*
    • (no CPE)range: >= 2.3.1-dev (2001-01-18 to 2001-02-08)

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.