[Bug 1019] Exact version should not be disclosed to hinder attacks
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Apr 20 18:05:17 EST 2005
http://bugzilla.mindrot.org/show_bug.cgi?id=1019
Summary: Exact version should not be disclosed to hinder attacks
Product: Portable OpenSSH
Version: 4.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: jeanmarc.gillet at axa-tech.com
At first connection to port 22, the server sends his ID string with the version
number. I think that this should be configurable (a fake version number e.g.) in
order to hinder attacks based on known vulnerabilities. Someone could gain a bit
of time in order to replace its old unsecure version of the ssh server with a
new one.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list