{
  "details" : [ "The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS." ],
  "statement" : "Permitting TCP forwarding is the expected and known default configuration. If it is not desired, it can disabled using the AllowTcpForwarding option in the /etc/ssh/sshd_config configuration file. However, only disabling TCP forwarding does not improve security unless users are also denied shell access. For more information, see man sshd_config.",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2004-1653\nhttps://nvd.nist.gov/vuln/detail/CVE-2004-1653" ],
  "name" : "CVE-2004-1653",
  "csaw" : false
}