VanDyke Software Information for VU#958563

SSH CBC vulnerability

Status

Affected

Vendor Statement

VShell® version 3.5.1 and earlier, SecureCRT® version 6.1.2 and earlier, SecureFX® version 6.1.2 and earlier, and VanDyke ClientPack 6.1.2 and earlier are potentially vulnerable to this attack.

Vendor Information

The advisory recommends using the AES cipher in CTR mode rather than CBC mode. VShell for some platforms, SecureCRT, SecureFX, and the VanDyke ClientPack for some platforms now prefer the AES cipher in CTR mode by default. Please see the following web page for more information.

http://www.vandyke.com/support/advisory/2008/12/cpni-957037.html

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.