EUVD-2022-5968

Malicious code in bioql PyPI...

CVE-2022-29245

SSH.NET is a Secure Shell SSH library for .NET. In versions 2020.0.0 and 2020.0.1, during an X25519 key exchange, the client’s private key is generated with System.Random. System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic...

Security Bulletin: IBM Robotic Process Automation is vulnerable to a man-in-the-middle due to ssh.net (CVE-2022-29245)

Summary ssh.net is used by IBM Robotic Process Automation as part of the secure communications. CVE-2022-29245. The fix includes ssh.net 2020.0.2.0 Vulnerability Details CVEID:CVE-2022-29245 DESCRIPTION: SSH.NET is vulnerable to a man-in-the-middle attack, caused by the use of a weak cryptographi...

Insecure Cryptographic Function

ssh.net is vulnerable to Insecure Cryptographic Function. The vulnerability exists in Start function in KeyExchangeECCurve25519.cs due to the use of cryptographically insecure random number generator which allows an attacker to easily predict the generated pseudo-random values...

GHSA-72P8-V4HG-V45P Weak private key generation in SSH.NET

During an X25519 key exchange, the client’s private is generated with System.Random: cs var rnd = new Random; privateKey = new byteMontgomeryCurve25519.PrivateKeySizeInBytes; rnd.NextBytesprivateKey; Source: KeyExchangeECCurve25519.cs Source commit:...

Weak private key generation in SSH.NET

During an X25519 key exchange, the client’s private is generated with System.Random: cs var rnd = new Random; privateKey = new byteMontgomeryCurve25519.PrivateKeySizeInBytes; rnd.NextBytesprivateKey; Source: KeyExchangeECCurve25519.cs Source commit:...

CVE-2022-29245

SSH.NET is a Secure Shell SSH library for .NET. In versions 2020.0.0 and 2020.0.1, during an X25519 key exchange, the client’s private key is generated with System.Random. System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic...

Code injection

SSH.NET is a Secure Shell SSH library for .NET. In versions 2020.0.0 and 2020.0.1, during an X25519 key exchange, the client’s private key is generated with System.Random. System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic...

CVE-2022-29245

SSH.NET (Renci.SshNet) is affected by CVE-2022-29245 due to generating the private key during X25519 key exchange with System.Random in versions 2020.0.0 and 2020.0.1. The non-cryptographically secure RNG can have a brute-forceable seed, enabling an eavesdropper to potentially decrypt traffic dur...

CVE-2022-29245 Weak private key generation in SSH.NET

SSH.NET is a Secure Shell SSH library for .NET. In versions 2020.0.0 and 2020.0.1, during an X25519 key exchange, the client’s private key is generated with System.Random. System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic...

CVE-2022-29245 Weak private key generation in SSH.NET

SSH.NET is a Secure Shell SSH library for .NET. In versions 2020.0.0 and 2020.0.1, during an X25519 key exchange, the client’s private key is generated with System.Random. System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic...

Posh-SSH - PowerShell Module for automating tasks on remote systems using SSH

Windows Powershell module that leverages a custom version of the SSH.NET Library http://sshnet.codeplex.com/ to provide basic SSH functionality in Powershell. The main purpose of the module is to facilitate automating actions against one or multiple SSH enabled servers. This module is for Windows...