You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A MITM attacker can arbitrarily delete messages from a connection before the secure channel is established, as sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers. Depending on the cipher being used, once the secure channel is established, the attacker can then use the manipulated sequence numbers to delete messages sent immediately after the channel is established.
These issues were fixed in OpenSSH 9.6, and documented in section 1.9 of the PROTOCOL file.
A MITM attacker can arbitrarily delete messages from a connection before the secure channel is established, as sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers. Depending on the cipher being used, once the secure channel is established, the attacker can then use the manipulated sequence numbers to delete messages sent immediately after the channel is established.
These issues were fixed in OpenSSH 9.6, and documented in section 1.9 of the PROTOCOL file.
This is CVE-2023-48795.
The text was updated successfully, but these errors were encountered: