DescriptionA flaw was found in python-synch before the 2.14.1 versions, where the client can log in to the attacker's account without the client being able to detect this. This flaw allows an attacker to control the remote end of the SSH session completely, resulting in a complete break of the confidentiality and integrity of the secure channel, which could cause more issues depending on the application logic implemented by the AsyncSSH server.A flaw was found in python-synch before the 2.14.1 versions, where the client can log in to the attacker's account without the client being able to detect this. This flaw allows an attacker to control the remote end of the SSH session completely, resulting in a complete break of the confidentiality and integrity of the secure channel, which could cause more issues depending on the application logic implemented by the AsyncSSH server.
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.
Vulmon