Man in the middle attack vector found in sshconnect.c
Duplicate:
- Add ssh key for remote server, but add wrong IP
- ssh now prompts: Are you sure you want to continue connecting? yes/no
- User enters `yes` but then realizes, oh boy, it's a man in the middle attack, and yet the backspace key is broken (thanks, peanut butter). So then ultimately submits `yes_waitnobackspaceisbroken`
- Validation fails, ssh accepts the `yes` answer. The database and files are hacked and everything lost. The CTO writes a blog post on Medium as a postmortem, but loses entire customer base. Great, ssh.
See line here:

```c
const char *msg, *again = "Please type 'yes' or 'no': ";
```
The check for the `yes` value only checks to see that `yes` is at position 0. If the user types in `yesohwaitmybackspacekeyisbroken_imeantno` they will be potentially vulnerable to a man in the middle attack, not knowing the validation has failed them.
Scary stuff.
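The difference between a prefix comparison and a whole-line comparison of the prompt answer, as an added example that is not part of the original issue and not code from `sshconnect.c`. The names `answer_prefix` and `answer_exact` are hypothetical, and the prefix check is reconstructed from the issue's description rather than copied from the project.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Both checks return 1 = accept the key, 0 = decline, -1 = ask again. */

/* Prefix comparison as described in the issue (constructed, not copied
 * from sshconnect.c): only the first characters are examined. */
static int answer_prefix(const char *p)
{
    if (p == NULL || strncasecmp(p, "no", 2) == 0)
        return 0;
    if (strncasecmp(p, "yes", 3) == 0)
        return 1;
    return -1;
}

/* Whole-line comparison: the answer must be exactly "yes" or "no",
 * optionally followed by a line terminator; anything else re-prompts. */
static int answer_exact(const char *p)
{
    char buf[8];
    size_t n;

    if (p == NULL)                      /* EOF or read error: decline */
        return 0;
    n = strcspn(p, "\r\n");
    if (n >= sizeof(buf) || p[n + strspn(p + n, "\r\n")] != '\0')
        return -1;                      /* too long, or text after the newline */
    memcpy(buf, p, n);
    buf[n] = '\0';
    if (strcasecmp(buf, "yes") == 0)
        return 1;
    if (strcasecmp(buf, "no") == 0)
        return 0;
    return -1;
}

int main(void)
{
    /* Constructed sample answers, including the two from the issue. */
    const char *samples[] = { "yes\n", "no\n", "yes_waitnobackspaceisbroken\n",
        "yesohwaitmybackspacekeyisbroken_imeantno\n", "nothing\n" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-44.*s prefix=%2d exact=%2d\n",
            (int)strcspn(samples[i], "\n"), samples[i],
            answer_prefix(samples[i]), answer_exact(samples[i]));
    return 0;
}
```

With the whole-line check, both strings from the issue return -1, so the prompt is shown again instead of the host key being accepted.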
obfuscated-openssh/sshconnect.c
Line 570 in ca93a2c