Flaw gives hackers key to Unix computers
As a result of the vulnerability, though, SSH lets anyone remotely log in to an account that uses a two-character password by simply leaving the password field blank and hitting Enter. A two-character password is not likely for most active users' accounts, but it's common for several administrative accounts for functions such as controlling printers or for accounts that the system administrator has locked to temporarily disable access, said Dan Ingevaldson, leader of Internet Security Systems' X-Force research and development team.
The link for this article located at ZDNet is no longer available.