Insecure Path Verification in scponly

Insecure Path Verification in scponly

CVE-2002-1469 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.

Learn more about our Cis Benchmark Audit For Server Software.