3 matches found
Weak CRC allows packet injection into SSH sessions encrypted with block ciphers
Overview There is an information integrity vulnerability in the SSH1 protocol that allows packets encrypted with a block cipher to be modified without notice. Description Preconditions: Attacker has a fragment of plaintext and its corresponding ciphertext. Attacker must be able to actively...
Weak CRC allows last block of IDEA-encrypted SSH packet to be changed without notice
Overview There is an information integrity vulnerability in the SSH1 protocol that allows the last block of an IDEA-encrypted session to be modified without notice. Description Preconditions: Session is encrypted using IDEA cipher. Compression is disabled. SSH clients configured to use the IDEA...
Weak CRC allows RC4 encrypted SSH1 packets to be modified without notice
Overview There is an information integrity vulnerability in the SSH1 protocol that allows RC4 encrypted packets to be modified without notice. Description Preconditions: Client has requested RC4 and server supports it. Compression is disabled. When using the RC4 stream cipher, SSH1 uses a cyclic...