[Bug 2040] Downgrade attack vulnerability when checking SSHFP records

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Sep 7 16:48:33 EST 2012


https://bugzilla.mindrot.org/show_bug.cgi?id=2040

Ondřej Caletka <ondrej at caletka.cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2183|0                           |1
        is obsolete|                            |

--- Comment #4 from Ondřej Caletka <ondrej at caletka.cz> ---
Created attachment 2188
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2188&action=edit
Fix downgrade attack vulnerability in handling SSHFP records

I realized that only fingerprints for same key algorithm as sshd
offered should be counted as found. Otherwise, it would reject SHA-1
SSHFP only because there is a SHA-256 SSHFP for another key algorithm.

As usual, testcase is here, having only SHA-1 SSHFP for RSA Host key:
$ ./ssh -vv -o HostKeyAlgorithms=ssh-rsa -o VerifyHostKeyDNS=yes
sshfp-test-downgrade.oskarcz.net

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list