SB2020073043 - MitM attack in OpenSSH client
Published: July 30, 2020 Updated: December 4, 2020
Security Bulletin ID
SB2020073043
Severity
Medium
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2020-14145)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists in openssh client during algorithm negotiation due to observable discrepancy. A remote attacker can perform a Man-in-the-Middle (MitM) attack.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1
- https://security.netapp.com/advisory/ntap-20200709-0004/
- https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/
- https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d