ZDNET: "As a result of the vulnerability, though, SSH lets anyone remotely log in to an account
that uses a two-character password by simply leaving the password field blank and
hitting Enter. A two-character password is not likely for most active users' accounts,
but it's common for several administrative accounts for functions such as controlling
printers or for accounts that the system administrator has locked to temporarily
disable access, said Dan Ingevaldson, leader of Internet Security Systems' X-Force
research and development team."
July 24, 2001