VYPR
Unrated severityNVD Advisory· Published Feb 8, 2007· Updated Jun 16, 2026

CVE-2007-0844

CVE-2007-0844

Description

The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.

Affected products

2
  • Pam SSH/Pam SSH2 versions
    cpe:2.3:a:pam_ssh:pam_ssh:1.91:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:pam_ssh:pam_ssh:1.91:*:*:*:*:*:*:*
    • (no CPE)range: <1.92

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.