CVE-2019-19753

SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: the vendor indicated that they have no plans to fix this, and discourage deployment using public IPv4.
Configurations

No configuration.

History

21 Nov 2024, 04:35

Type Values Removed Values Added
References () https://rsaxvc.net/blog/2020/4/10/Widespread_re-use_of_SSH_Host_Keys_in_Ethereum_Mining_Rig_Operating_Systems.html - () https://rsaxvc.net/blog/2020/4/10/Widespread_re-use_of_SSH_Host_Keys_in_Ethereum_Mining_Rig_Operating_Systems.html -
References () https://simplemining.net/page/changelog - () https://simplemining.net/page/changelog -

01 Aug 2024, 13:41

Type Values Removed Values Added
Summary
  • (es) SimpleMiningOS hasta v1259 se entrega con claves de host SSH integradas en la imagen de instalación, lo que permite ataques de intermediario y hace que la identificación de todos los nodos IPv4 públicos sea trivial con Shodan.io. NOTA: el proveedor indicó que no tiene planes de solucionar este problema y desaconseja la implementación mediante IPv4 público.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
CWE CWE-321

30 Apr 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-30 18:15

Updated : 2024-11-21 04:35


NVD link : CVE-2019-19753

Mitre link : CVE-2019-19753

CVE.ORG link : CVE-2019-19753


JSON object : View

Products Affected

No product.

CWE
CWE-321

Use of Hard-coded Cryptographic Key