CCE-90951-5
Platform: cpe:/o:centos:centos:7, cpe:/o:redhat:enterprise_linux:7 | Date: (C)2017-06-29 (M)2023-07-04
SSH can emulate the behavior of the obsolete rsh
command in allowing users to enable insecure access to their
accounts via '.rhosts' files.
To ensure this behavior is disabled, add or correct the
following line in '/etc/ssh/sshd_config':
'IgnoreRhosts yes'
Parameter:
[yes/no]
Technical Mechanism:
SSH trust relationships mean a compromise on one host
can allow an attacker to move trivially to other hosts.
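One way to audit the setting described above, as an added example that is not part of the original CCE record. The function names and the sample file are constructed for illustration, and only the global section of the file (everything before the first `Match` line) is evaluated:

```shell
#!/bin/sh
# Added example: audit the global IgnoreRhosts setting in an sshd_config file.

# Print the first global IgnoreRhosts value, or "unset" if none is present.
# sshd uses the first value it obtains for a keyword, so a later
# "IgnoreRhosts yes" does not override an earlier "IgnoreRhosts no".
ignore_rhosts_value() {
    awk '
        /^[ \t]*#/ { next }                      # skip whole-line comments
        { gsub(/[="]/, " ") }                    # accept keyword=value and quotes
        tolower($1) == "match" { exit }          # stop at the first Match block
        tolower($1) == "ignorerhosts" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed only when the file explicitly sets IgnoreRhosts yes.
check_ignore_rhosts() {
    [ "$(ignore_rhosts_value "$1")" = "yes" ]
}

# Constructed sample input (hypothetical, not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#IgnoreRhosts yes
ignorerhosts no
IgnoreRhosts yes
EOF

if check_ignore_rhosts "$sample"; then
    echo "PASS: IgnoreRhosts yes"
else
    echo "FAIL: effective IgnoreRhosts is '$(ignore_rhosts_value "$sample")'"
fi
rm -f "$sample"
```

The sample fails the check: the commented-out line is ignored, keywords are case-insensitive, and the first active line (`ignorerhosts no`) wins over the later `IgnoreRhosts yes`.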
CCSS Severity:

| Metric | Value |
|---|---|
| CCSS Score | 8.1 |
| Exploit Score | 2.2 |
| Impact Score | 5.9 |
| Severity | HIGH |
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |

CCSS Metrics:

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | HIGH |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |

References:

| Resource Id | Reference |
|---|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31328 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30605 |