Public-Key Authentication Vulnerability in OpenSSH by OpenBSD
CVE-2021-36368
3.7 LOW
Summary
An issue exists in OpenSSH before 8.9. If a client uses public-key authentication with agent forwarding enabled, and without -oLogLevel=verbose, and an attacker has silently modified the server to accept the "none" authentication method, the user cannot tell whether a FIDO touch prompt is confirming a login to that server or authorising the server to use the forwarded agent to authenticate to a different host on the user's behalf. The client always offers "none" first; an attacker-controlled server that accepts it never asks for a signature for its own login and can instead relay a signature request through the forwarded agent, so the single touch the user performs serves the attacker's onward connection. The vendor's position is that this is not an authentication bypass, since nothing is being bypassed. Client-side mitigations: do not forward the agent by default (ForwardAgent no); where forwarding is needed, set LogLevel VERBOSE so ssh reports which method authenticated the session; load keys with ssh-add -c so every agent use requires an explicit confirmation; and, on OpenSSH 8.9 or later, restrict forwarded keys with destination constraints (ssh-add -h).
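As an added example (not from this record and not OpenSSH code), the following POSIX shell script checks an OpenSSH client configuration for the precondition described above, agent forwarding enabled without verbose logging, and prints a hardened fragment. It accepts either a plain ssh_config or the output of ssh -G <host>; the assumption that the first occurrence of a keyword wins and that the file has no Host/Match sections is stated in the comments, and the host name in the hardened fragment is a placeholder.

```shell
#!/bin/sh
# Added example; not part of the CVE record or of OpenSSH.
# Flags an OpenSSH client configuration that meets the client-side
# precondition of CVE-2021-36368: agent forwarding enabled while LogLevel is
# below VERBOSE. Input is a path to either a plain ssh_config or the output of
# "ssh -G <host>" (the effective configuration, one keyword per line).
# Assumption: the first occurrence of a keyword wins, as in ssh_config, and
# the file has no Host/Match sections (feed "ssh -G" output when it does).

# ssh_value FILE KEYWORD: print the first value set for KEYWORD, lowercased;
# prints nothing when the keyword is absent.
ssh_value() {
    awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        NF == 0 || /^[[:space:]]*#/ { next }   # skip blank and comment lines
        { sub(/=/, " "); k = tolower($1) }     # accept "Keyword=value" too
        k == key { print tolower($2); exit }   # first value wins
    ' "$1"
}

# agent_forwarding_ok FILE: return 0 when the configuration is acceptable,
# 1 when the agent is forwarded without verbose logging, i.e. the user gets
# no "Authenticated to ... using <method>" line to tell a login apart from a
# signature request relayed by the server through the forwarded agent.
agent_forwarding_ok() {
    fwd=$(ssh_value "$1" ForwardAgent)
    lvl=$(ssh_value "$1" LogLevel)
    case "${fwd:-no}" in
        no) return 0 ;;                    # default: nothing is forwarded
    esac
    case "${lvl:-info}" in
        verbose|debug|debug1|debug2|debug3) return 0 ;;
        *) echo "ForwardAgent=$fwd with LogLevel=${lvl:-INFO}: CVE-2021-36368 precondition" >&2
           return 1 ;;
    esac
}

# hardened_ssh_config: print client settings that remove the ambiguity.
# "bastion.example" is a placeholder host name.
hardened_ssh_config() {
    cat <<'EOF'
# Never forward the agent unless a host entry below opts in.
Host *
    ForwardAgent no

# Where forwarding is deliberate, log verbosely: ssh then reports the method
# that authenticated this login ("Authenticated to ... using "publickey"").
# A FIDO touch prompt that arrives after that line, or a login reported as
# using "none", is a request made through the forwarded agent, not a login.
Host bastion.example
    ForwardAgent yes
    LogLevel VERBOSE
EOF
}

# Usage: agent_forwarding_ok ~/.ssh/config || hardened_ssh_config
```

Run it against ssh -G output for each host you forward to; the check is about the client's own settings, so it cannot see whether a remote server has been modified, which is why the hardened fragment keeps forwarding off by default and pairs it with ssh-add -c (and ssh-add -h on 8.9 or later) when it is enabled.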
CVSS V3.1
Score:
3.7
Severity:
LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved