Comment 0 for bug 2051473

Carmen Rata (crata) wrote :

Brief Description
-----------------

[Security vulnerability] 11255 - Default Password (root) for 'root' Account was captured in NESSUS Scan.

It is possible to login as root and execute the command 'id' on the remote host : uid=0(root) gid=0(root) groups=0(root)

Severity
--------

Critical

Steps to Reproduce
------------------

1. Logged in as 'sysadmin' and changed the root password using 'sudo passwd root'
2. Logged in successfully as root user
3. "PermitRootLogin" setting in "/etc/ssh/sshd_config" is "yes" instead of "no"

cat /etc/ssh/sshd_config | grep PermitRootLogin
PermitRootLogin yes

Expected Behavior
-----------------

"PermitRootLogin" setting in "/etc/ssh/sshd_config" should be "no", so that logging in as root is not permitted.

Actual Behavior
---------------

"PermitRootLogin" setting in "/etc/ssh/sshd_config" is "yes".

Reproducibility
---------------

100% reproducible
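Added example, not part of the bug report above and not StarlingX code: a small POSIX shell audit that works out the PermitRootLogin value sshd would actually apply to an sshd_config, instead of grepping the file. The grep used in the report is not a reliable check: it also matches the commented stock default line ("#PermitRootLogin prohibit-password") that many distributions ship, and it does not tell you which of several matches wins. sshd's rule is that the first obtained value for a keyword is used, that "#" comments are ignored, and that everything after the first Match line is conditional rather than global. The function names (effective_permit_root_login, root_login_compliant) and the sample config are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the bug report: compute the global PermitRootLogin
# value an sshd_config yields, following sshd's own rules (first value wins,
# comments ignored, everything after the first Match line is conditional).

# effective_permit_root_login FILE
# Prints the global PermitRootLogin value in lower case. When the keyword is
# absent it prints "prohibit-password", the OpenSSH default since 7.0; the
# deprecated alias "without-password" is folded into that value as well.
effective_permit_root_login() {
    awk '
        /^[[:space:]]*(#|$)/ { next }                    # comment or blank line
        {
            line = $0
            sub(/^[[:space:]]+/, "", line)
            sub(/[[:space:]]*=[[:space:]]*/, " ", line)  # accept "Keyword=value" form
            split(line, f, /[[:space:]]+/)
            key = tolower(f[1])
        }
        key == "match" { in_match = 1; next }            # rest of file is conditional
        in_match { next }
        key == "permitrootlogin" && !found { found = 1; val = tolower(f[2]) }
        END {
            if (!found) val = "prohibit-password"
            if (val == "without-password") val = "prohibit-password"
            print val
        }
    ' "$1"
}

# root_login_compliant FILE
# Succeeds (exit 0) only when root cannot log in over SSH at all, i.e. the
# effective value is exactly "no". "prohibit-password" still permits key-based
# root login, and "yes" permits password login, which is what Nessus plugin
# 11255 exercised with the default root password in the report.
root_login_compliant() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample mirroring the report: a commented stock default, the
# offending "yes", and a Match block that must not be mistaken for the global
# setting. A plain "grep PermitRootLogin" returns three lines for this file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
Match Address 192.0.2.0/24
    PermitRootLogin no
EOF

printf 'effective PermitRootLogin: %s\n' "$(effective_permit_root_login "$sample")"
if root_login_compliant "$sample"; then
    echo "PASS: root login over SSH is disabled"
else
    echo "FAIL: root login over SSH is possible"
fi
rm -f "$sample"
```

On a live host the definitive check is the daemon's own view, which also accounts for Include drop-ins under /etc/ssh/sshd_config.d/ that a grep on the main file never sees: `sudo sshd -T | grep -i permitrootlogin`. The parser above is for auditing a copied config offline; after changing the setting, validate with `sudo sshd -t` and reload sshd, and remember that setting "no" only closes the SSH path, so the root password itself still has to be changed from the default.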