[Bug 3313] CVE-2020-14145 - will it get fixed?
bugzilla-daemon at mindrot.org
Thu May 27 17:46:17 AEST 2021
https://bugzilla.mindrot.org/show_bug.cgi?id=3313
--- Comment #2 from m.kaiser at bmlv.gv.at ---
Thanks for the answer. Now I understand the problem better.
Mitigation might be possible, but with the risk of a changing
fingerprint due to different preferred algorithms. For most users, this
might be more error-prone and it's more likely that the user accepts a
wrong fingerprint.
So the only real mitigation is setting up a CA and using certificates,
or is this a wrong assumption?
The documentation is updated with your answer and the recommendation
on how to mitigate this vulnerability was changed.
Sorry that I have escalated this vulnerability.