127 matches found
GHSA-CFC2-WR2V-GXM5 AsyncSSH Rogue Extension Negotiation
Summary: An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack. Details: The rogue extension negotiation attack targets an AsyncSSH client connecting to any SSH server sending an extension info message. The attack...
AsyncSSH Rogue Extension Negotiation
Summary: An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack. Details: The rogue extension negotiation attack targets an AsyncSSH client connecting to any SSH server sending an extension info message. The attack...
aioasuswrt (>=1.1.20 <=1.3.3), aiosftp (>=0.0.1 <=0.3.0) +28 more potentially affected by CVE-2023-46445 via asyncssh (>=1.10.0 <=2.14.0)
asyncssh PYPI version =1.10.0, =1.1.20, =0.0.1, =0.6.0, =0.3.0, =1.2.1, =0.4.0, =0.1.0, =4.3.5, =0.35.0, =3.1.1, =0.6.5, =0.8.0, =2.8.1, =0.2.0, =0.1.0, =0.3.10 and more Source cves: CVE-2023-46445 Source advisory: OSV:GHSA-CFC2-WR2V-GXM5...
PT-2023-9800 · Asyncssh +3
Name of the Vulnerable Software and Affected Versions: AsyncSSH versions prior to 2.14.1. Description: The issue in AsyncSSH allows attackers to control the extension info message via a man-in-the-middle attack, enabling them to conduct algorithm downgrade attacks during user authentication. This...
PT-2023-9801 · Asyncssh +3
Name of the Vulnerable Software and Affected Versions: AsyncSSH versions 2.14.0 and earlier. Description: The issue in AsyncSSH allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, also known as a "Rogue Session Attack." This can lea...
Ubuntu 18.04 ESM : AsyncSSH vulnerability (USN-4854-1)
The remote Ubuntu 18.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-4854-1 advisory. Matthijs Kooijman discovered that AsyncSSH server did not properly handle authentication under certain conditions. An attacker with a specially crafted client cou...
Ubuntu: Security Advisory (USN-4854-1)
The remote host is missing an update for the...
AsyncSSH SSH Server Authentication Bypass
The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step...
pyplanet (>=0.1.5 <=0.5.4) potentially affected by CVE-2018-7749 via asyncssh (>=1.10.0 <=1.11.1)
asyncssh PYPI version =1.10.0, =0.1.5, =0.5.4 Source cves: CVE-2018-7749 Source advisory: OSV:GHSA-97CV-6PJF-5F9Q...
GHSA-97CV-6PJF-5F9Q AsyncSSH SSH Server Authentication Bypass
The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step...
USN-4854-1: AsyncSSH vulnerability
Matthijs Kooijman discovered that AsyncSSH server did not properly handle authentication under certain conditions. An attacker with a specially crafted client could use this vulnerability to skip authentication of SSH sessions...
USN-4854-1 python-asyncssh vulnerability
Matthijs Kooijman discovered that AsyncSSH server did not properly handle authentication under certain conditions. An attacker with a specially crafted client could use this vulnerability to skip authentication of SSH sessions...
FreeBSD : py-asyncssh -- Allows bypass of authentication (0e8f496a-b498-11e8-bdcf-74d435e60b7c)
mitre.org reports: The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step...
Authentication Bypass
AsyncSSH is vulnerable to authentication bypass. An attacker can use a customized SSH client to skip the authentication step of an SSH server because it does not check if authentication is complete before processing other requests...
CVE-2018-7749
The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step...
Authentication flaw
The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step...
PYSEC-2018-108
The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step...
pyplanet (>=0.1.5 <=0.5.4) potentially affected by CVE-2018-7749 via asyncssh (>=1.10.0 <=1.11.1)
asyncssh PYPI version =1.10.0, =0.1.5, =0.5.4 Source cves: CVE-2018-7749 Source advisory: OSV:PYSEC-2018-108...
DEBIAN-CVE-2018-7749
The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step...