Hacker @kingcope discovered critical vulnerability in Tectia SSH Server. Exploit working on SSH-2.0-6.9.95 SSH TECTia Server (Latest available version from www.tectia.com) that allow attacker to bypass Authentication remotely. A default installation on Linux (version 6.1.9) is vulnerable to the attack. A bug in the code allows an attacker to login without a password by forcing a password change request prior to authentication. Eric Romang posted a Demo video on Youtube.
Source: https://thehackernews.com/2012/12/remote-0day-exploit-for-tectia-ssh.html