[Bug 2040] Downgrade attack vulnerability when checking SSHFP records

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Jun 30 10:49:30 AEST 2026


https://bugzilla.mindrot.org/show_bug.cgi?id=2040

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #9 from Damien Miller <djm at mindrot.org> ---
This was fixed back in 2021

commit b75a80fa8369864916d4c93a50576155cad4df03
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Mon Jul 19 03:13:28 2021 +0000

    upstream: Ensure that all returned SSHFP records for the specified host

    name and hostkey type match instead of only one.  While there, simplify the
    code somewhat and add some debugging.  Based on discussion in bz#3322, ok
    djm at .

    OpenBSD-Commit-ID: 0a6a0a476eb7f9dfe8fe2c05a1a395e3e9b22ee4

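The matching policy named in the commit message above, as an added example that is not OpenSSH's code and not part of the original mail: it compares an "any one record matches" check with an "every record for this host key type must match" check over an SSHFP record set. The function names, key blobs and record sets are constructed for illustration; the algorithm and fingerprint type numbers are the ones assigned in RFC 4255, RFC 6594 and RFC 7479.

```python
import hashlib
import hmac

# SSHFP fingerprint types (RFC 4255, RFC 6594)
FP_SHA1, FP_SHA256 = 1, 2
HASHES = {FP_SHA1: hashlib.sha1, FP_SHA256: hashlib.sha256}
# SSHFP key algorithm number for Ed25519 (RFC 7479)
ALG_ED25519 = 4


def sshfp(alg, fptype, key_blob):
    """Build one (algorithm, fptype, digest) record for a public key blob."""
    return (alg, fptype, HASHES[fptype](key_blob).digest())


def verify(records, key_alg, key_blob, require_all):
    """Check a host key against an SSHFP record set.

    require_all=False: accept if any record for this key type matches.
    require_all=True: every record for this key type with a supported
    fingerprint type must match (the behaviour the commit message states).
    """
    matched = failed = 0
    for alg, fptype, digest in records:
        if alg != key_alg or fptype not in HASHES:
            continue  # other key type or unknown digest: not comparable
        ours = HASHES[fptype](key_blob).digest()
        if hmac.compare_digest(ours, digest):
            matched += 1
        else:
            failed += 1
    if require_all:
        return matched > 0 and failed == 0
    return matched > 0


# Constructed sample data: stand-in key blobs, not real host keys.
HOST_KEY = b"constructed-ed25519-public-key-blob"
# Record set in which the SHA-1 record fits the presented key but the
# SHA-256 record was published for a different key.
MIXED = [
    sshfp(ALG_ED25519, FP_SHA1, HOST_KEY),
    sshfp(ALG_ED25519, FP_SHA256, b"some-other-key-blob"),
]
CLEAN = [sshfp(ALG_ED25519, t, HOST_KEY) for t in (FP_SHA1, FP_SHA256)]

if __name__ == "__main__":
    for name, rrset in (("clean", CLEAN), ("mixed", MIXED)):
        print(name, verify(rrset, ALG_ED25519, HOST_KEY, False),
              verify(rrset, ALG_ED25519, HOST_KEY, True))
```

With the constructed `MIXED` set, the "any one" check accepts the key on the strength of the SHA-1 record alone, while the "all" check rejects it because the SHA-256 record for the same key type disagrees.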