An implementation problem in at least one Secure Shell (SSH) product and a weakness in the PKCS#1_1.5 public key encryption standard allows attackers to recover plaintext of messages encrypted with SSH.
A weakness in some SSH products using the SSH1 protocol may allow an attacker to determine internal cryptologic states. Combined with a weakness in the PKCS#1_1.5 public key encryption standard, used by SSH protocol 1.5, this vulnerability may be exploited to recover arbitrary session keys used for symmetric encryption in SSH connections. It has been reported that these vulnerabilities are relatively difficult to exploit.
An attacker may recover an SSH connection's session key and decrypt all communications from the connection.
Apply a patch available from your vendor
This vulnerability was first reported and patched in early 2001.
Reduce potential exposure
Thanks to CORE SDI for reporting this vulnerability and to Markus Friedl and Tatu Ylonen for their helpful clarifications.
This document was written by Shawn Van Ittersum.
|Date First Published:||2002-07-31|
|Date Last Updated:||2002-07-31 23:01 UTC|