Prefix Truncation Attacks in SSH Specification (Terrapin Attack)

The remote SSH server is supporting an specific encryption algorithm or MAC. Parts of their SSH specification are vulnerable to a novel prefix truncation attack a.k.a. Terrapin attack. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, a...

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

AsyncSSH Rogue Extension Negotiation

Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack. Details The rogue extension negotiation attack targets an AsyncSSH client connecting to any SSH server sending an extension info message. The attack...

Important: amazon-ssm-agent

Issue Overview: The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. CVE-2021-43565 A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentification with R...

Ubuntu 16.04 ESM : libssh2 vulnerabilities (USN-5308-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5308-1 advisory. It was discovered that libssh2 mishandled certain input. If libssh2 were used to connect to a malicious or compromised SSH server, a remote,...

F5 BIG-IP Next SPK Hardcoded Credentials Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A hard-coded credential vulnerability exists in F5 BIG-IP Next SPK, which can be exploited by an attacker with the ability to...

CVE-2023-45226

CVE-2023-45226 affects BIG-IP Next SPK, specifically the f5-debug-sidecar and f5-debug-sshd containers in SPK TMM. The issue is hardcoded credentials that could let an attacker intercept traffic and impersonate the SPK SSH server when ssh debug is enabled. Exposure is documented in multiple sourc...

Authentication flaw

JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...

CVE-2023-42818 SSH public key login without private key challenge if mfa is enabled in jumpserver

JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...

CVE-2023-42818 SSH public key login without private key challenge if mfa is enabled in jumpserver

JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...

CVE-2023-42818 SSH public key login without private key challenge if mfa is enabled in jumpserver

JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...

PT-2023-7221 · Unknown · Jumpserver

Name of the Vulnerable Software and Affected Versions: JumpServer versions prior to 3.5.6 JumpServer versions prior to 3.6.5 Description: The issue is related to the Koko SSH server in JumpServer, an open source bastion host. When users enable MFA and use a public key for authentication, the Koko...

Vulnerability CVE-2008-5161 (SSH Server CBC Mode Ciphers Enabled) on SDX

Regarding vulnerability CVE-2008-5161 SSH Server CBC Mode Ciphers Enabled, we need to follow the below article to mitigate this vulnerability. Addressing False Positives from CBC and MAC Vulnerability Scans of NetScaler SSHD citrix.com However, we are unable to perform the steps mentioned in the...

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2023-339)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-339 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks ...

Oracle Linux 7 : libssh2 (ELSA-2020-3915)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-3915 advisory. - fix integer overflow in SSHMSGDISCONNECT logic CVE-2019-17498 - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes...

RHEL 8 : openssh (RHSA-2023:4383)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4383 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary f...

CVE-2023-38408

A vulnerability was found in OpenSSH. The PKCS11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system the code in /usr/lib is not necessarily safe for loading into ssh-agent...

CVE-2022-44719

An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions...

CVE-2022-44719

An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions...

Design/Logic Flaw

An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions...