virus logo Endpoint Vulnerability

openssh: weakness of agent locking (ssh-add -x) to password guessing

description-logoDescription

It was found that the OpenSSH ssh-agent, a program to hold private keys used for public key authentication, was vulnerable to password guessing attacks. An attacker able to connect to the agent could use this flaw to conduct a brute-force attack to unlock keys in the ssh-agent.

affected-products-logoAffected Applications

openssh

Version Updates

Date Version Status Detail
2020-02-21 2.00048
New
 openssh
2019-03-21 1.00036
Modified
 openssh
2019-01-03 1.00033
Modified
 openssh

References

https://bugzilla.redhat.com/show_bug.cgi?id=1238238
ID 45012
Created Feb 22, 2023
Description
Updated		 Feb 22, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Linux
Vendor Fedora
Patch auto
Application openssh