7.5
CVSSv2

CVE-2001-1473

Published: 18/01/2001 Updated: 20/11/2024

Vulnerability Summary

The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the malicious user to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ssh ssh 1.2.24

ssh ssh 1.2.25

ssh ssh 1.2.26

ssh ssh 1.2.27

ssh ssh 1.2.28

ssh ssh 1.2.29

ssh ssh 1.2.30

ssh ssh 1.2.31

Github Repositories

A novel approach to the old problem

How to exploit CVE-2001-1473 We employed a novel approach to an age-old vulnerability in the SSH-1 protocol, as described by CVE-2001-1473 This vulnerability enables a Man-in-the-Middle (MITM) server to intercept an SSH-1 session between a client and a vulnerable server, potentially exposing the user's private key However, executing a practical attack necessitates the cl