Vulnerabilities

CVE-2010-4478

by Fred · 06/12/2010

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.

Date published : 2010-12-06

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5

Similar

Tags: Cybersecurity Alert