Vulnerability Name: CCN-9652
Published: 2002-07-22
Updated: 2002-07-22
Summary: SSH (Secure Shell) is vulnerable to a man-in-the-middle attack. When a connection is established by an SSH client, the SSH server's hostkey is recorded by the client and is used to verify future connections with that server. If the hostkey is ever changed, the user is given a warning message before connecting, indicating the possibility of an attack. However, if a client attempts to connect to a known server, but the server presents a banner that indicates a different SSH protocol version than what has previously been used, a new hostkey is presented for that version number but the warning message is not displayed. The user is then presented a new key and asked if they would like to continue. A remote attacker with control over an SSH server could use this vulnerability to launch man-in-the-middle attacks against vulnerable clients, with a reduced possibility of being detected.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Vulnerability Consequences: Bypass Security
References:
Source: CCN Type: BugTraq Mailing List, Mon Jul 22 2002 - 18:43:41 CDT SSH Protocol Trick
Source: CCN Type: BugTraq Mailing List, Tue Jul 23 2002 - 07:47:39 CDT Re: SSH Protocol Trick
Source: CCN Type: BugTraq Mailing List, Tue Jul 23 2002 - 15:46:48 CDT Re: SSH Protocol Trick
Source: CCN Type: OpenSSH Web site OpenSSH
Source: CCN Type: BID-5284 Multiple SSH Client Protocol Change Default Warning Weakness
Source: CCN Type: SSH Communications Security Web site SSH - Products
Source: XF Type: UNKNOWN ssh-protocol-change-mitm(9652)
Vulnerable Configuration: Configuration CCN 1: Denotes that component is vulnerable
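
The host key check described in the summary, as an added example that is not part of the original advisory and not code from any SSH client: a simplified model of a key store indexed by host and protocol version, with the lookup that yields only a new-key prompt beside one that warns when the host is already known under another protocol version. The class, method names, result strings, host names and fingerprints are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class KnownHosts:
    """Simplified model of a client's host key store (assumed layout)."""
    # (host, protocol_version) -> key fingerprint
    keys: dict = field(default_factory=dict)

    def record(self, host, proto, fingerprint):
        self.keys[(host, proto)] = fingerprint

    def check_per_protocol(self, host, proto, fingerprint):
        """Lookup scoped to the banner's protocol version only (the weak check)."""
        known = self.keys.get((host, proto))
        if known is None:
            return "PROMPT_NEW_KEY"      # looks like a first connection
        return "OK" if known == fingerprint else "WARN_KEY_CHANGED"

    def check_hardened(self, host, proto, fingerprint):
        """Also warn when the host is known under a different protocol version."""
        known = self.keys.get((host, proto))
        if known is not None:
            return "OK" if known == fingerprint else "WARN_KEY_CHANGED"
        if any(h == host for (h, _p) in self.keys):
            return "WARN_PROTOCOL_CHANGED"
        return "PROMPT_NEW_KEY"


def demo():
    """Run both checks over constructed connection attempts."""
    store = KnownHosts()
    store.record("server.example", 2, "fp-v2-recorded")   # constructed sample
    attempts = [
        ("server.example", 2, "fp-v2-recorded"),   # same version, same key
        ("server.example", 2, "fp-v2-other"),      # same version, changed key
        ("server.example", 1, "fp-v1-unseen"),     # banner offers another version
        ("new.example", 2, "fp-new"),              # genuinely unknown host
    ]
    return [(store.check_per_protocol(*a), store.check_hardened(*a)) for a in attempts]


if __name__ == "__main__":
    for weak, hardened in demo():
        print(f"{weak:18} {hardened}")
```

In the third attempt the version-scoped lookup cannot tell a known server from a first connection, which is the missing warning the summary describes.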