Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Loadbalancer.org Enterprise VA 7.5.2 Static SSH Key
Information
Severity
Severity
Critical
Family
Family
Gain a shell remotely
CVSSv2 Base
CVSSv2 Base
10.0
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Solution Type
Solution Type
Vendor Patch
Created
Created
10 years ago
Modified
Modified
5 years ago
Summary
Loadbalancer.org Enterprise VA 7.5.2 contains a default SSH private key
Insight
Insight
Loadbalancer.org Enterprise VA versions 7.5.2 and below come with a static public and private key installed for their appliances. When the keys are regenerated, it fails to remove the public key from the authorized_keys2 file, allowing anyone to use the private default key for access.
Affected Software
Affected Software
Loadbalancer.org Enterprise VA versions 7.5.2 and below
Detection Method
Detection Method
Try to login as root using the known static private key.
Solution
Solution
Upgrade to version 7.5.3 or newer.