The client side in OpenSSH 5.7 up to and including 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle malicious users to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openbsd openssh 8.4 |
||
openbsd openssh |
||
openbsd openssh 8.5 |
||
openbsd openssh 8.6 |
||
netapp aff_a700s_firmware - |
||
netapp steelstore cloud integrated storage - |
||
netapp ontap select deploy administration utility - |
||
netapp active iq unified manager |
||
netapp solidfire - |
||
netapp hci management node - |
||
netapp hci storage node - |
||
netapp hci compute node - |