Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Critical OpenSSH bug leaks private crypto keys just fixed

It has been fixed the OpenSSH vulnerability that can be exploited to steal crypto keys from vulnerable clients. Recently a critical vulnerability in OpenSSH has been fixed, the flaw can leak secret cryptographic keys. The flaw affects end users version of OpenSSH and not server side implementations. Many experts compared the effects of this flaw to the […]

OpenSSH server

Verschluesselte Kommunikation mit OpenSSH

It has been fixed the OpenSSH vulnerability that can be exploited to steal crypto keys from vulnerable clients.

Recently a critical vulnerability in OpenSSH has been fixed, the flaw can leak secret cryptographic keys. The flaw affects end users version of OpenSSH and not server side implementations. Many experts compared the effects of this flaw to the one demonstrated with the exploitation of the Heartbleed vulnerability in the OpenSSL crypto library.

The vulnerability was introduced by code developed to enable an experimental roaming feature in OpenSSH versions 5.4 to 7.1.

“The OpenSSH client code between 5.4 and 7.1 contains experimental support for resuming SSH-connections (roaming). The matching server code has never been shipped, but the client code was enabled by default and could be tricked by a malicious server into leaking client memory to the server, including private client user keys.” states the advisory published this week. “The authentication of the server host key prevents exploitation by a man-in-the-middle, so this information leak is restricted to connections to malicious or compromised servers”

An attacker can configure a server to exploit the vulnerability in OpenSSH and to access the contents of the memory of the user’s PC. With this attack is is possible to capture also the private encryption key used for SSH connections.

openssh

The flaw was discovered by experts from the Qualys security firm which confirmed that an attacker can exploit the flaw in the OpenSSH only after the end user has been successfully authenticated by the malicious server.

“The information leak is exploitable in the default configuration of the OpenSSH client, and (depending on the client’s version, compiler, and operating system) allows a malicious SSH server to steal the client’s private keys.” reads an advisory from Qualys.

OpenSSH end users have two options to mitigate the issue, the first one is to update vulnerable software, but in case it isn’t possible it is suggested to disable the roaming feature by adding the string UseRoaming no to the global ssh_config(5) file or to the user configuration in ~/.ssh/config, or by entering -UseRoaming=no on the command line.

Experts at Qualys do not exclude that a persistent attacker like an intelligence agency may have already exploited the flaw in the OpenSSH by compromising legitimate servers.

“This information leak may have already been exploited in the wild by sophisticated attackers, and high-profile sites or users may need to regenerate their SSH keys accordingly,” continues Qualys.

Pierluigi Paganini

(Security Affairs – OpenSSH , hacking)