A flaw in widely used Unix software could allow attackers to gain control over computers running Solaris, HP-UX and several versions of Linux, security analysts and the company selling the software warned Monday. SSH Communications Security, a Finnish company, reported Monday . . .
A flaw in widely used Unix software could allow attackers to gain control over computers running Solaris, HP-UX and several versions of Linux, security analysts and the company selling the software warned Monday. SSH Communications Security, a Finnish company, reported Monday that the latest edition of its SSH Secure Shell software, version 3.0.0, released June 21, can let an attacker gain control over some Unix or Linux computers.

As a result of the vulnerability, though, SSH lets anyone remotely log in to an account that uses a two-character password by simply leaving the password field blank and hitting Enter. A two-character password is not likely for most active users' accounts, but it's common for several administrative accounts for functions such as controlling printers or for accounts that the system administrator has locked to temporarily disable access, said Dan Ingevaldson, leader of Internet Security Systems' X-Force research and development team.

The link for this article located at ZDNet is no longer available.