A weakness has been reported in multiple SSH clients that may allow a man-in-the-middle attack to go unnoticed. An SSH client normally communicates with a given server using one protocol version, such as SSH2, and records that server's host public key. If the server later presents a different key for the same protocol, the client warns the end user that the change should be viewed with extreme suspicion. However, if the connection is negotiated with a protocol version, such as SSH1, that the client has never before used with that server, the client has no stored key for that protocol and merely reports that a new key is being presented, the same message shown on first contact with an unknown server. The end user cannot be expected to recognize the security implications of this event, so an attacker positioned between client and server who forces the downgrade and presents their own key can pass undetected by the client user. A similar attack may be possible based on the SSH2 negotiation of a MAC algorithm.
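The following model of a client's known-hosts lookup illustrates the weakness described above. It is an added example, not code from any of the affected SSH clients; the host names, known_hosts lines and key blobs are constructed placeholders, and the ssh-dss key type stands in for any key type (such as the RSA1 format used by SSH1) that the client has never recorded for the server. It contrasts the naive lookup, keyed only on (host, key type), with a hardened lookup that treats an unrecorded key type for an already-known host as a key change.

```python
"""
Model of an SSH client's known-hosts decision: what to tell the user when
a server presents a host key.  Added example, not code from any real SSH
client.  All data below is constructed.
"""
from collections import defaultdict

# Constructed known_hosts-style data: "host keytype blob".  The blobs are
# placeholders, not real keys.
KNOWN_HOSTS = """\
bastion.example ssh-rsa AAAAB3Nza...RSA-KEY-OF-BASTION
bastion.example ssh-ed25519 AAAAC3Nza...ED25519-KEY-OF-BASTION
fileserver.example ssh-rsa AAAAB3Nza...RSA-KEY-OF-FILESERVER
"""


def parse_known_hosts(text):
    """Return {host: {keytype: blob}} from known_hosts-style lines."""
    hosts = defaultdict(dict)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, keytype, blob = line.split(None, 2)
        hosts[host][keytype] = blob
    return hosts


def classify_naive(hosts, host, keytype, blob):
    """Lookup keyed on (host, keytype) only, the behaviour the advisory
    describes.  A never-before-seen key type for a known host is reported
    exactly like a first contact ("new"), not as a mismatch ("changed")."""
    stored = hosts.get(host, {}).get(keytype)
    if stored is None:
        return "new"
    return "ok" if stored == blob else "changed"


def classify_hardened(hosts, host, keytype, blob):
    """Lookup that also consults the other key types recorded for the host.
    A known host offering an unrecorded key type is reported as "changed",
    because an attacker in the middle can force that situation simply by
    negotiating a protocol version or key type the client has never stored
    for this server."""
    by_type = hosts.get(host, {})
    stored = by_type.get(keytype)
    if stored is not None:
        return "ok" if stored == blob else "changed"
    if by_type:            # host known, but under a different key type
        return "changed"
    return "new"           # genuinely never seen this host before


def downgrade_scenario():
    """An attacker in the middle answers for bastion.example but offers
    only an ssh-dss key, a type the client has never recorded for it.
    Returns (naive verdict, hardened verdict)."""
    hosts = parse_known_hosts(KNOWN_HOSTS)
    mitm_keytype, mitm_blob = "ssh-dss", "AAAAB3Nza...ATTACKER-DSS-KEY"
    return (classify_naive(hosts, "bastion.example", mitm_keytype, mitm_blob),
            classify_hardened(hosts, "bastion.example", mitm_keytype, mitm_blob))


if __name__ == "__main__":
    naive, hardened = downgrade_scenario()
    print(f"naive client says:    {naive}")      # "new": looks like first contact
    print(f"hardened client says: {hardened}")  # "changed": loud mismatch warning
```

The naive verdict is the one the advisory warns about: the user sees the routine "new key" prompt and has no way to tell it from a first connection. The hardened lookup is one possible mitigation on the client side; the other is operational, namely pinning the protocol version and host-key type expected for each server so a downgrade is refused before any key is shown.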