Default public SSH keys in Photon OS 1.0 OVA

Published: 2016-08-18
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2016-5332
Exploitation vector Network
Public exploit N/A
Vulnerable software
VMware Photon OS OVA
Operating systems & Components / Operating system

Vendor VMware, Inc

Security Advisory

This security advisory describes one medium risk vulnerability.

1) Default public SSH key

Risk: Medium

CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2016-5332

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No


The vulnerability allows a remote attacker to gain unauthorized access to the system.

The vulnerability exists due to usage of default public SSH key in all versions of Photon OS 1.0 OVAs, downloaded before August 14, 2016. A remote attacker with the corresponding private SSH key can gain access to vulnerable system using default SSH keys.

Successful exploitation of this vulnerability will allow an attacker to gain unauthorized access to vulnerable system.


Download a new version of Photon OS 1.0 OVA, released after August 14, 2016.

Users that have downloaded the PhotonOS 1.0 OVAs before August 14, 2016 should take either of the following procedures to ensure the security of their systems:

  • Remove the left-over public key from all Photon OS 1.0 systems built from the original PhotonOS 1.0 OVAs by executing the following command:
    • On a freshly installed Photon OS system:

rm –f /root/.ssh/authorized_keys

    • On a Photon OS system which contains user-installed ssh keys:

sed –i '/photon-jenkins/d' /root/.ssh/authorized_keys

  • Alternatively, download the new OVA and replace all existing instances with new instances built from the updated Photon OS 1.0 OVAs.

Vulnerable software versions

VMware Photon OS OVA: 1.0

CPE External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.