[Bug 2040] Downgrade attack vulnerability when checking SSHFP records
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Jun 30 10:49:30 AEST 2026
https://bugzilla.mindrot.org/show_bug.cgi?id=2040
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #9 from Damien Miller <djm at mindrot.org> ---
This was fixed back in 2021
commit b75a80fa8369864916d4c93a50576155cad4df03
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date: Mon Jul 19 03:13:28 2021 +0000
upstream: Ensure that all returned SSHFP records for the specified
host
name and hostkey type match instead of only one. While there,
simplify the
code somewhat and add some debugging. Based on discussion in
bz#3322, ok
djm at .
OpenBSD-Commit-ID: 0a6a0a476eb7f9dfe8fe2c05a1a395e3e9b22ee4
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list