Описание
dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| dropbear | fixed | 0.49-1 | package | |
| dropbear | fixed | 0.48.1-2 | etch | package |
Примечания
That's a lack of a security feature (strict hostkey checking in openssh
termininoloy) and an awkward interface, but not a vulnerability per se
Especially as dropbear is specifically labeled a stripped down SSH implementation
EPSS
Связанные уязвимости
dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.
dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.
dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.
EPSS