[Bug 2040] Downgrade attack vulnerability when checking SSHFP records
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Jan 31 03:20:40 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=2040
Ondřej Caletka <ondrej at caletka.cz> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2188|0 |1
is obsolete| |
--- Comment #6 from Ondřej Caletka <ondrej at caletka.cz> ---
Created attachment 2211
--> https://bugzilla.mindrot.org/attachment.cgi?id=2211&action=edit
Fix downgrade attack vulnerability in handling SSHFP records
Here comes a new version of the patch fixing downgrade vulnerability as
the former one did not work well after applying the „future digests“
patch. Instructions counting found DNS records are shifted after
hostkey initialization.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list