Описание
HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-09-26, the vendor indicated that they would consider fixing this.
EPSS
Процентиль: 25%
0.00087
Низкий
5.7 Medium
CVSS3
Дефекты
CWE-321
Связанные уязвимости
CVSS3: 5.7
github
почти 2 года назад
HiveOS through 0.6-102@191212 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-09-26, the vendor indicated that they would consider fixing this.
EPSS
Процентиль: 25%
0.00087
Низкий
5.7 Medium
CVSS3
Дефекты
CWE-321