CVE-2020-5200

Minerbabe through V4.16 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...

CVE-2019-19755

ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated that they plan to fix this...

CVE-2019-19752

nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated plans to fix this in the next image build...

CVE-2019-19753

SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: the vendor indicated that they have no plans to fix this, and discourage deployment using...

CVE-2019-19754

HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-09-26, the vendor indicated that they would consider fixing this...

CVE-2019-19751

easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...

CVE-2020-5200

Minerbabe through V4.16 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...

CVE-2019-19752

nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated plans to fix this in the next image build...

CVE-2019-19751

easyMINE before 2019-12-05 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...

CVE-2019-19752

nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated plans to fix this in the next image build...

CVE-2019-19753

SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: the vendor indicated that they have no plans to fix this, and discourage deployment using...

CVE-2019-19751

CVE-2019-19751 affects easyMINE prior to 2019-12-05 where SSH host keys are baked into the installation image. This permits man-in-the-middle attacks and facilitates identifying all public IPv4 nodes via Shodan. Root cause: hard-coded SSH host keys in the installation artefact. Impact: potential ...

CVE-2019-19755

ethOS 1.3.3 and earlier ships with SSH host keys baked into the installation image, enabling MITM attacks and exposing all public IPv4 nodes (e.g., via Shodan). The issue is described consistently across CVE records and Red Hat/NVD/CVE listings. The vendor noted plans to fix this as of 2019-12-01...

CVE-2019-19753

CVE-2019-19753 affects SimpleMiningOS through v1259, where SSH host keys are baked into the installation image. This allows man-in-the-middle attacks and enables easy identification of public IPv4 nodes via Shodan.io. The Red Hat/NVD/CVE entries reiterate the same root cause and note the vendor h...

CVE-2019-19752

CVE-2019-19752 affects nvOC up to version 3.2, where SSH host keys are baked into the installation image. This enables man-in-the-middle attacks and could make identifying public IPv4 nodes trivial via Shodan. Public Red Hat advisory confirms the issue and notes the vendor planned a fix in the ne...

VulnCheck KEV: CVE-2020-5200

Minerbabe through V4.16 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...

VulnCheck KEV: CVE-2019-19754

HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...

VulnCheck KEV: CVE-2019-19752

nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...