Does someone have the diffs for this development snapshot? In protocol 2, authentication could be bypassed if public key authentication was permitted. This problem does exist only in OpenSSH 2.3.1. OpenSSH 2.3.0 and versions newer than 2.3.1 are not vulnerable to this problem.