1 results (0.001 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo. • http://archives.neohapsis.com/archives/bugtraq/2001-08/0441.html •