2005-04-21 04:00:00
mitre
PUBLISHED
SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the clients DNS cache.