transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-03-13T18:00:00
Updated: 2021-12-28T12:06:17
Reserved: 2018-03-07T00:00:00
Link: CVE-2018-7750
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-03-13T18:29:00.303
Modified: 2022-04-18T17:30:23.640
Link: CVE-2018-7750
JSON object: View
Redhat Information
No data.
CWE