CVE-2001-1473

N/A Unknown
Published: January 18, 2001 Modified: April 16, 2026
View on NVD

Description

The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://www.kb.cert.org/vuls/id/684820
Source: cve@mitre.org
US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/6603
Source: cve@mitre.org
http://www.kb.cert.org/vuls/id/684820
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/6603
Source: af854a3a-2127-422b-91ae-364da2661108

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
5.2%
90th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-310

Affected Vendors

ssh

Related CVEs

CVE-2026-6560 8.8
CVE-2026-6559 4.3
CVE-2026-0868 6.4
CVE-2026-6056 N/A
CVE-2026-41242 N/A