A flaw in SSH Secure Shell protocol has put the Unix community on guard after it emerged that the latest version of the software is vulnerable to attack.

SSH Secure Shell is commonly used in Unix and Linux machines as a method of secure user authentication and data transfer encryption, but version 3.0.0, released late last month, contains a flaw that could give an attacker a foot in the door.

The vulnerability allows a user to remotely log into an account that uses a two-character password, without needing a password at all. Although such instances are uncommon, they happen often enough to pose a threat to a high number of networks.

Even getting into a low-level account could provide a launch pad for a much more serious attack that could potentially result in root access for an attacker.

SSH has issued an advisory and a patch to bring the software up to a secure version 3.0.1. "SSH strongly advises all users of Secure Shell 3.0.0 to upgrade immediately to Secure Shell 3.0.1," said the company.

Along with more information, the patch is available here.