Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
No PoCs from references.
- https://github.com/0xb0rn3/r3cond0g
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Fastiraz/openssh-cve-resolv
- https://github.com/Hughes-Actual/Recon-Assignment-Hughes
- https://github.com/J0hnKn1f3/UltraRecon
- https://github.com/Maribel0370/Nebula-io
- https://github.com/NeoOniX/5ATTACK
- https://github.com/OhDamnn/Noregressh
- https://github.com/Totes5706/TotesHTB
- https://github.com/VladimirFogel/PRO4
- https://github.com/adegoodyer/ubuntu
- https://github.com/alvarigno/ChocolateFire-DockerLab
- https://github.com/alvarigno22/ChocolateFire-DockerLab
- https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network
- https://github.com/bioly230/THM_Skynet
- https://github.com/firatesatoglu/shodanSearch
- https://github.com/hackingyseguridad/ssha
- https://github.com/krlabs/openssh-vulnerabilities
- https://github.com/phx/cvescan
- https://github.com/rudra9603/vulnerability-scanner
- https://github.com/siddicky/git-and-crumpets
- https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-4-Vulnhub-Walkthrough
- https://github.com/vshaliii/Funbox2-rookie
- https://github.com/wooflock/nmap-airgapped-vulnscan