CVE-2010-4478 Information
Share on:Description
OpenSSH 5.6 and earlier when J-PAKE is enabled does not properly validate the public parameters in the J-PAKE protocol which allows remote attackers to bypass the need for knowledge of the shared secret and successfully authenticate by sending crafted values in each round of the protocol a related issue to CVE-2010-4252.
Reference
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.crev1.5 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4;r2=1.5;f=h https://bugzilla.redhat.com/show_bug.cgi?id=659297 https://github.com/seb-m/jpake https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12338