Overview
An implementation problem in at least one Secure Shell (SSH) product and a weakness in the PKCS#1_1.5 public key encryption standard allows attackers to recover plaintext of messages encrypted with SSH.
Description
A weakness in some SSH products using the SSH1 protocol may allow an attacker to determine internal cryptologic states. Combined with a weakness in the PKCS#1_1.5 public key encryption standard, used by SSH protocol 1.5, this vulnerability may be exploited to recover arbitrary session keys used for symmetric encryption in SSH connections. It has been reported that these vulnerabilities are relatively difficult to exploit. |
Impact
An attacker may recover an SSH connection's session key and decrypt all communications from the connection. |
Solution
Apply a patch available from your vendor This vulnerability was first reported and patched in early 2001. |
Reduce potential exposure |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to CORE SDI for reporting this vulnerability and to Markus Friedl and Tatu Ylonen for their helpful clarifications.
This document was written by Shawn Van Ittersum.
Other Information
| CVE IDs: | CVE-2001-0361 |
| Severity Metric: | 6.48 |
| Date Public: | 2001-02-13 |
| Date First Published: | 2002-07-31 |
| Date Last Updated: | 2002-07-31 23:01 UTC |
| Document Revision: | 20 |