5 matches found
CVE-2023-42818
JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...
CVE-2023-42818
creationtimestamp| type| source ---|---|--- 2023-09-28 00:41:53+00:00| seen| https://t.me/cibsecurity/71156...
CVE-2023-42818 SSH public key login without private key challenge if mfa is enabled in jumpserver
JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...
CVE-2023-42818 SSH public key login without private key challenge if mfa is enabled in jumpserver
JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...
CVE-2023-42818
JumpServer (Koko SSH server) is affected: when MFA is enabled and a public key is used, the SSH private key is not verified, enabling brute-force attempts with a disclosed key. Patched in JumpServer versions 3.6.5 and 3.5.6; upgrade is advised. Multiple connected sources corroborate the issue and...