3 matches found
CVE-2017-3204
The Go SSH library x/crypto/ssh by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a host key verification mechanism...
CVE-2017-3204
CVE-2017-3204 affects the Go SSH library (golang.org/x/crypto/ssh). By default, host key verification was not performed, enabling potential man-in-the-middle attacks. The root cause is the absence of host key verification unless a HostKeyCallback is explicitly registered; this default changed in ...
CVE-2017-3204
The Go SSH library x/crypto/ssh by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a host key verification mechanism...