7 matches found
Gitea has insecure default SSH settings
Summary: The built-in SSH server currently advertises a number of key exchange, MAC, and host key algorithms that are considered weak or broken. The defaults should be tightened so a fresh installation passes a baseline SSH security audit out of the box. Details: Running ssh-audit against a default...
EUVD-2014-5230
Malware in sbrugna...
Design/Logic Flaw
The SFTP external storage driver files_external in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2014-5341
The SFTP external storage driver files_external in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network...
CVE-2014-5341
The SFTP external storage driver files_external in ownCloud Server before 6.0.5 validates the RSA Host key after login, which allows remote attackers to obtain sensitive information by sniffing the network...
Insufficient RSA Host Key validation in files_external (SFTP driver) - ownCloud
The SFTP external storage driver was verifying the RSA Host Key after logging in. This allows for a man-in-the-middle (MITM) attack even if the host key is already known and can be validated. Basically, at the point where the host key was validated, the secret has already been given away. It should...
Server: Insufficient RSA Host Key validation in files_external (SFTP driver)
The SFTP external storage driver was verifying the RSA Host Key after logging in. This allows for a man-in-the-middle (MITM) attack even if the host key is already known and can be validated. Basically, at the point where the host key was validated, the secret has already been given away. It should...