[Bug 2040] New: Downgrade attack vulnerability when checking SSHFP records
bugzilla-daemon at mindrot.org
Fri Aug 31 19:24:47 EST 2012
https://bugzilla.mindrot.org/show_bug.cgi?id=2040
Priority: P5
Bug ID: 2040
Assignee: unassigned-bugs at mindrot.org
Summary: Downgrade attack vulnerability when checking SSHFP records
Severity: minor
Classification: Unclassified
OS: All
Reporter: ondrej at caletka.cz
Hardware: All
Status: NEW
Version: 6.1p1
Component: ssh
Product: Portable OpenSSH
Created attachment 2183
--> https://bugzilla.mindrot.org/attachment.cgi?id=2183&action=edit
Fix downgrade attack vulnerability in handling SSHFP records
To quote RFC 6594, section 4.1.:
> Secure Shell implementations that support SHA-256 fingerprints MUST prefer a SHA-256 fingerprint over SHA-1 if both are available for a server. If the SHA-256 fingerprint is tested and does not match the SSH public key received from the SSH server, then the key MUST be rejected rather than testing the alternative SHA-1 fingerprint.
The current version of SSH does not conform to this requirement. The attached
patch fixes this issue.
It can be tested using this command:
$ ssh -vv -o HostKeyAlgorithms=ecdsa-sha2-nistp521 -o VerifyHostKeyDNS=yes sshfp-test-downgrade.oskarcz.net
(The SSHFP records with SHA-256 digests for hostname
sshfp-test-downgrade.oskarcz.net are intentionally altered.)
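The rule quoted above from RFC 6594 section 4.1, as an added example that is not part of the bug report, the attached patch, or OpenSSH's code. The function names, the key blob and the SSHFP records are constructed for illustration; verify_any is a hypothetical non-conforming check shown for contrast, and the tampered record set mirrors the test host described above (SHA-256 digest altered), assuming its SHA-1 record is left intact.

```python
import hashlib

SSHFP_SHA1, SSHFP_SHA256 = 1, 2   # SSHFP fingerprint types (RFC 4255, RFC 6594)
SSHFP_ECDSA = 3                   # SSHFP key algorithm number for ECDSA (RFC 6594)
DIGESTS = {SSHFP_SHA1: hashlib.sha1, SSHFP_SHA256: hashlib.sha256}

def matches(record, key_alg, key_blob):
    """True if one (algorithm, fp_type, hex_digest) record matches the key."""
    alg, fp_type, fp_hex = record
    if alg != key_alg or fp_type not in DIGESTS:
        return False
    return DIGESTS[fp_type](key_blob).hexdigest() == fp_hex.lower()

def verify_any(records, key_alg, key_blob):
    """Non-conforming: any matching record is enough, so a matching SHA-1
    record masks a SHA-256 mismatch (the downgrade)."""
    return any(matches(r, key_alg, key_blob) for r in records)

def verify_rfc6594(records, key_alg, key_blob):
    """Conforming: if SHA-256 records exist for this key algorithm, only
    they are tested; a mismatch rejects the key with no SHA-1 fallback."""
    usable = [r for r in records if r[0] == key_alg and r[1] in DIGESTS]
    sha256 = [r for r in usable if r[1] == SSHFP_SHA256]
    candidates = sha256 if sha256 else usable
    return any(matches(r, key_alg, key_blob) for r in candidates)

# Constructed sample data: a stand-in host key blob and its SSHFP records.
KEY = b"constructed-ecdsa-host-key-blob"
SHA1_OK = (SSHFP_ECDSA, SSHFP_SHA1, hashlib.sha1(KEY).hexdigest())
SHA256_OK = (SSHFP_ECDSA, SSHFP_SHA256, hashlib.sha256(KEY).hexdigest())
SHA256_ALTERED = (SSHFP_ECDSA, SSHFP_SHA256,
                  hashlib.sha256(b"some-other-key").hexdigest())

GOOD = [SHA1_OK, SHA256_OK]
TAMPERED = [SHA1_OK, SHA256_ALTERED]   # SHA-1 matches, SHA-256 does not
SHA1_ONLY = [SHA1_OK]                  # zone publishes no SHA-256 record

if __name__ == "__main__":
    for name, rrset in (("good", GOOD), ("tampered", TAMPERED),
                        ("sha1-only", SHA1_ONLY)):
        print(name, "any-match:", verify_any(rrset, SSHFP_ECDSA, KEY),
              "rfc6594:", verify_rfc6594(rrset, SSHFP_ECDSA, KEY))
```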