CVE-2017-3204

Published: 04/04/2017 Updated: 07/07/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.

Vulnerable Product

golang crypto

Vendor Advisories

Debian Bug report logs - #859655
golang-gocrypto: CVE-2017-3204
Package: src:golang-gocrypto; Maintainer for src:golang-gocrypto is Debian Go Packaging Team <team+pkg-go@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 5 Apr 2017 15:06:05 UTC
Owned by: Michael Lustfield <mic ...

The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism. ...

Github Repositories

easy way to distribute commands over ssh.

grapes

grapes is a lightweight tool designed to distribute commands over ssh with ease.

Update (25/04/2019): Handshake validation is now in place in order to fix CVE-2017-3204. The validation will use the built-in fingerprint list ~/.ssh/known_hosts as default. In order to add your ssh server fingerprint to known_hosts run the following:

$ ssh-keyscan -H YOURHOST.COM >&
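The decision a host key verification mechanism has to make against a known_hosts file, including the hashed host entries that `ssh-keyscan -H` writes, shown as an added example. This is not code from grapes or from x/crypto/ssh: it uses only the Go standard library, the names `hashHost`, `hostMatches` and `CheckHostKey` are hypothetical, and the key, salt and host values are constructed samples.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"strings"
)

var b64 = base64.StdEncoding

// hashHost builds the hashed host field written by ssh-keyscan -H:
// |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host)).
func hashHost(salt []byte, host string) string {
	mac := hmac.New(sha1.New, salt)
	mac.Write([]byte(host))
	return "|1|" + b64.EncodeToString(salt) + "|" + b64.EncodeToString(mac.Sum(nil))
}

// hostMatches compares one known_hosts host field (hashed, or a plain comma list) with host.
func hostMatches(field, host string) bool {
	if p := strings.Split(field, "|"); len(p) == 4 && p[1] == "1" {
		salt, err := b64.DecodeString(p[2])
		return err == nil && hmac.Equal([]byte(hashHost(salt, host)), []byte(field))
	}
	return strings.Contains(","+field+",", ","+host+",")
}

// CheckHostKey returns nil only if knownHosts pins exactly this key for host; an unknown
// host is rejected. Marker lines (@cert-authority, @revoked) and wildcards are skipped here.
func CheckHostKey(knownHosts, host, keyType string, key []byte) error {
	err := fmt.Errorf("no known_hosts entry for %s (%s)", host, keyType)
	for _, line := range strings.Split(knownHosts, "\n") {
		f := strings.Fields(line)
		if len(f) < 3 || f[0][0] == '#' || f[0][0] == '@' || f[1] != keyType || !hostMatches(f[0], host) {
			continue
		}
		if f[2] == b64.EncodeToString(key) {
			return nil
		}
		err = fmt.Errorf("host key mismatch for %s: refusing to connect", host)
	}
	return err
}

func main() { // constructed sample data, not a real host or key
	kh := hashHost([]byte("salt"), "host.example") + " ssh-ed25519 " + b64.EncodeToString([]byte("pinned key"))
	fmt.Println(CheckHostKey(kh, "host.example", "ssh-ed25519", []byte("other key")))
}
```

In a client built on x/crypto/ssh this decision is supplied through the `HostKeyCallback` field of `ssh.ClientConfig`; the `golang.org/x/crypto/ssh/knownhosts` package provides a full known_hosts implementation.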