Lucene search
MitreCVELIST:CVE-2021-36369HistoryOct 12, 2022 - 12:00 a.m.
CVE-2021-36369
2022-10-1200:00:00
mitre
www.cve.org
8
dropbear ssh
authentication methods
non-rfc-compliant
security bypass
fido2 tokens
ssh-askpass
forwarded agent
server vulnerability
EPSS
0.001
Percentile
40.1%
An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed.
Related
openvas
openvas
Debian: Security Advisory (DLA-3187-1)
2022-11-15 00:00:00
Mageia: Security Advisory (MGASA-2022-0436)
2022-11-25 00:00:00
veracode
veracode
Improper Access Cotrol
2022-10-27 00:42:12
nvd
nvd
CVE-2021-36369
2022-10-12 21:15:09
osv
osv
CVE-2021-36369
2022-10-12 21:15:09
dropbear - security update
2022-11-14 00:00:00
mageia
mageia
Updated dropbear packages fix security vulnerability
2022-11-25 01:21:24
nessus
nessus
Debian DLA-3187-1 : dropbear - LTS security update
2022-11-14 00:00:00
ubuntucve
ubuntucve
CVE-2021-36369
2022-10-12 00:00:00
cve
cve
CVE-2021-36369
2022-10-12 21:15:09
debian
debian
[SECURITY] [DLA 3187-1] dropbear security update
2022-11-13 22:04:45
[SECURITY] [DLA 3187-1] dropbear security update
2022-11-13 21:58:26
prion
prion
Authentication flaw
2022-10-12 21:15:00
debiancve
debiancve
CVE-2021-36369
2022-10-12 21:15:09
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00