VanDyke Software Information for VU#958563
SSH CBC vulnerability
- Vendor Information Help Date Notified: 07 Nov 2008
- Statement Date:
- Date Updated: 12 Jan 2009
VShell® version 3.5.1 and earlier, SecureCRT® version 6.1.2 and earlier, SecureFX® version 6.1.2 and earlier, and VanDyke ClientPack 6.1.2 and earlier are potentially vulnerable to this attack.
The advisory recommends using the AES cipher in CTR mode rather than CBC mode. VShell for some platforms, SecureCRT, SecureFX, and the VanDyke ClientPack for some platforms now prefer the AES cipher in CTR mode by default. Please see the following web page for more information.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.