OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:06
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2010-12-06 22:30
Updated : 2024-02-28 11:41
NVD link : CVE-2010-4478
Mitre link : CVE-2010-4478
CVE.ORG link : CVE-2010-4478
JSON object : View
Products Affected
openbsd
- openssh
CWE
CWE-287
Improper Authentication