[Bug 3711] New: How do you defend against the D (HE) ater attack?

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Jul 16 22:14:16 AEST 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3711

            Bug ID: 3711
           Summary: How do you defend against the D (HE) ater attack?
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: security
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: rmsh1216 at 163.com

The Diffie-Hellman key agreement protocol allows a remote attacker
(from the client) to send arbitrary numbers that are not actually
public keys and trigger an expensive server-side DHE modular
exponentiation, i.e., a D (HE) at or D (HE) ater attack. The issue has
been flagged as a vulnerability, CVE-2002-20001 and CVE-2022-40735. Is
there a way to fix this vulnerability in openssh?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list