[link|http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26start%3D2001-07-15%26threads%3D0%26mid%3D198404%26fromthread%3D0%26end%3D2001-07-21%26|Remote Exploit]
Any password can be used to ssh into accounts without passwords (listed as NP on Solaris or !! under Linux sometimes).
Get ssh 3.0.1 at [link|http://www.ssh.com|ssh.com].