Security Bulletin: IBM Robotic Process Automation is vulnerable to a man-in-the-middle due to ssh.net (CVE-2022-29245)

Summary ssh.net is used by IBM Robotic Process Automation as part of the secure communications. CVE-2022-29245. The fix includes ssh.net 2020.0.2.0 Vulnerability Details CVEID:CVE-2022-29245 DESCRIPTION: SSH.NET is vulnerable to a man-in-the-middle attack, caused by the use of a weak cryptographi...

CVE-2022-29245

creationtimestamp| type| source ---|---|--- 2022-05-31 20:23:51+00:00| seen| https://t.me/cibsecurity/43573...

CVE-2022-29245

SSH.NET is a Secure Shell SSH library for .NET. In versions 2020.0.0 and 2020.0.1, during an X25519 key exchange, the client’s private key is generated with System.Random. System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic...

CVE-2022-29245

SSH.NET (Renci.SshNet) is affected by CVE-2022-29245 due to generating the private key during X25519 key exchange with System.Random in versions 2020.0.0 and 2020.0.1. The non-cryptographically secure RNG can have a brute-forceable seed, enabling an eavesdropper to potentially decrypt traffic dur...

CVE-2022-29245 Weak private key generation in SSH.NET

SSH.NET is a Secure Shell SSH library for .NET. In versions 2020.0.0 and 2020.0.1, during an X25519 key exchange, the client’s private key is generated with System.Random. System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic...