[Bug 3711] New: How do you defend against the D (HE) ater attack?
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Jul 16 22:14:16 AEST 2024
https://bugzilla.mindrot.org/show_bug.cgi?id=3711
Bug ID: 3711
Summary: How do you defend against the D (HE) ater attack?
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: rmsh1216 at 163.com
The Diffie-Hellman key agreement protocol allows a remote attacker
(from the client) to send arbitrary numbers that are not actually
public keys and trigger an expensive server-side DHE modular
exponentiation, i.e., a D (HE) at or D (HE) ater attack. The issue has
been flagged as a vulnerability, CVE-2002-20001 and CVE-2022-40735. Is
there a way to fix this vulnerability in openssh?
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list