21 Nov 2001, 17:01
On Wed, 21 Nov 2001, Annette Jaekel wrote:
> Hi, so the next question is: If I run only SSH 2 daemon but with
> sshd_config Option "Protocol 2,1" for compatibility - is it vulnerable?
>
> Annette
> Sysadmin IfM Technical University Berlin Germany
It sure is. The cracker will connect pretending not to be able to do protocol 2, and your system will obligingly pull out the (vulnerable) protocol 1 for her.

Bear
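A check for the setting discussed in this exchange, added here as an example and not part of the original messages: it reads the `Protocol` line from an sshd_config and the version field of a server identification string, and reports whether protocol 1 is still on offer. The sample configs, the `ExampleSSH_1.0` banners and all function names are constructed for illustration; it assumes the first `Protocol` line in the file is the one that takes effect.

```python
import re

# Constructed sample inputs (not taken from any system in the thread).
CONFIG_COMPAT = "Port 22\n# allow old clients\nProtocol 2,1 \n"
CONFIG_V2_ONLY = "Port 22\nProtocol 2\n"
BANNER_COMPAT = "SSH-1.99-ExampleSSH_1.0"   # 1.99 = server speaks 1 and 2
BANNER_V2_ONLY = "SSH-2.0-ExampleSSH_1.0"


def configured_protocols(config_text):
    """Protocol versions from the first Protocol line, or None if absent.

    None means the daemon's built-in default applies, which differs between
    sshd releases, so the caller must treat it as unknown.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "protocol":
            return {v.strip() for v in parts[1].split(",") if v.strip()}
    return None


def banner_protocols(banner):
    """Protocol versions a server advertises in its identification string."""
    m = re.match(r"SSH-(\d+)\.(\d+)-", banner)
    if not m:
        return None
    major, minor = m.groups()
    if major == "2":
        return {"2"}
    if (major, minor) == ("1", "99"):
        return {"1", "2"}
    return {"1"} if major == "1" else None


def fallback_possible(protocols):
    """True if a client that claims to lack protocol 2 would get protocol 1."""
    return protocols is not None and "1" in protocols


if __name__ == "__main__":
    for name, cfg in (("compat", CONFIG_COMPAT), ("v2-only", CONFIG_V2_ONLY)):
        print(name, "config allows protocol 1:", fallback_possible(configured_protocols(cfg)))
    for b in (BANNER_COMPAT, BANNER_V2_ONLY):
        print(b, "offers protocol 1:", fallback_possible(banner_protocols(b)))
```

A config with no `Protocol` line returns `None`; check that daemon's documented default before treating the host as protocol-2-only.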