Описание
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
A flaw was found in OpenSSH in versions 5.7 through 8.3, where an Observable Discrepancy occurs and leads to an information leak in the algorithm negotiation. This flaw allows a man-in-the-middle attacker to target initial connection attempts, where there is no host key for the server that has been cached by the client.
Отчет
This is a flaw in OpenSSH, which allows a man in the middle attack to determine, if a client already has prior knowledge of the remote hosts fingerprint. An attacker could use this information to ignore clients, which will show an error message during an man in the middle attack, while new clients can be intercepted without alerting them of the man in the middle attack. This essentially means that this flaw can help attacker's identify targets an MITM attack. However such a attack would still require the attacker to either have control over DNS or control over the network traffic. If the network is untrusted, Red Hat suggests the use ssh certificates for even more confidence and less human factor involved or gssapi key exchange, where kerberos is used to verify identity of the server.
Меры по смягчению последствий
Always connect to SSH servers with verified host keys to avoid any possibilities of man-in-the-middle attack.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openssh | Out of support scope | ||
| Red Hat Enterprise Linux 6 | openssh | Out of support scope | ||
| Red Hat Enterprise Linux 7 | openssh | Will not fix | ||
| Red Hat Enterprise Linux 8 | openssh | Fixed | RHSA-2021:4368 | 09.11.2021 |
| Red Hat Enterprise Linux 8 | openssh | Fixed | RHSA-2021:4368 | 09.11.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepan ...
EPSS
5.9 Medium
CVSS3