CVE-2019-19753

SimpleMiningOS through v1259 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: the vendor indicated that they have no plans to fix this, and discourage deployment using public IPv4.
Configurations

No configuration.

History

01 Aug 2024, 13:41

Type Values Removed Values Added
Summary
  • (es) SimpleMiningOS hasta v1259 se entrega con claves de host SSH integradas en la imagen de instalación, lo que permite ataques de intermediario y hace que la identificación de todos los nodos IPv4 públicos sea trivial con Shodan.io. NOTA: el proveedor indicó que no tiene planes de solucionar este problema y desaconseja la implementación mediante IPv4 público.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
CWE CWE-321

30 Apr 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-30 18:15

Updated : 2024-08-01 13:41


NVD link : CVE-2019-19753

Mitre link : CVE-2019-19753

CVE.ORG link : CVE-2019-19753


JSON object : View

Products Affected

No product.

CWE
CWE-321

Use of Hard-coded Cryptographic Key