Insecure Path Verification in scponly
CVE-2002-1469 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.
Learn more about our Cis Benchmark Audit For Server Software.