Smartcard Key Management Vulnerability in OpenSSH by OpenBSD
CVE-2023-28531
9.8CRITICAL
What is CVE-2023-28531?
A security flaw exists in OpenSSH versions prior to 9.3, where the ssh-add tool inadvertently adds smartcard keys to the ssh-agent without enforcing the necessary per-hop destination constraints. This weakness allows for potential unauthorized access to sensitive resources by failing to properly limit the context in which keys are added. Users operating on affected versions should assess their security stance and consider implementing available mitigations.