[Bug 3313] CVE-2020-14145 - will it get fixed?

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu May 27 17:46:17 AEST 2021


--- Comment #2 from m.kaiser at bmlv.gv.at ---
Thanks for the answer. Now I understand the problem better.

Mitigation might be possible, but with the risk of a changing
fingerprint due to different preferred algorithms. For most users, this
might be more error prone and it's more likely that the users accepts a
wrong fingerprint.

So the only real mitigation is setting up a CA and using certificates,
or is this a wrong assumption?

The documentation is updated with your answer and the recommendation
how to mitigate this vulnerability was changed.

Sorry, that I have escalated this vulnerability.

You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list