[Bug 3387] New: Will future versions of openssh not support DHE because of "dheater" vulnerability :CVE-2002-20001?
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Feb 11 14:57:39 AEDT 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3387
Bug ID: 3387
Summary: Will future versions of openssh not support DHE
because of "dheater" vulnerability :CVE-2002-20001?
Product: Portable OpenSSH
Version: 8.8p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: rmsh1216 at 163.com
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from
the client side) to send arbitrary numbers that are actually not public
keys, and trigger expensive server-side DHE modular-exponentiation
calculations, aka a D(HE)ater attack. We have repeated the attack when
establish ssh connections. What will openssh do to avoid dheater?
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list