Login
Start Free Trial
Research Center
CVE-2022-29245 Research Center

CVE-2022-29245

SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an `X25519` key exchange, the client’s private key is generated with `System.Random`. `System.Random` is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes. When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be brute forced. This allows an attacker who is able to eavesdrop on the communications to decrypt them. Version 2020.0.2 contains a patch for this issue. As a workaround, one may disable support for `curve25519-sha256` and `curve25519-sha256@libssh.org` key exchange algorithms.

  • 5.9 medium severity

  • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

  • 31/05/2022

Products 1

Ss

Ssh.net

by Ssh.net Project

15 Versions

2 months ago

Vulnerability Categories 1

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

xTags 5

#exposed_to_RCE_attack
#easy_to_exploit
#known_vulnerability
#confidentiality_impact_if_exploited
#new_vulnerability_published

Patch Links 1

https://github.com/sshnet/SSH.NET/commit/03c6d60736b8f7b42e44d6989a53f9b644a091fb
Patch Now

Advisory Links 4

https://github.com/sshnet/SSH.NET/security/advisories/GHSA-72p8-v4hg-v45p
https://github.com/sshnet/SSH.NET/releases/tag/2020.0.2
https://github.com/sshnet/SSH.NET/blob/bc99ada7da3f05f50d9379f2644941d91d5bf05a/src/Renci.SshNet/Security/KeyExchangeECCurve25519.cs#L51
https://github.com/sshnet/SSH.NET/commit/03c6d60736b8f7b42e44d6989a53f9b644a091fb
http://www.vicarius.io is owned and operated by Vicarius Ltd. (the “Company”). All information contained on the Website is purely for informational, and educational purposes and should be independently verified and confirmed. Vicarius does not accept any liability for any loss or damage whatsoever caused in reliance upon such information or services. No statements or information presented in any form by Vicarius is intended as fact, and you agree that you will not consider the statements or information presented on the Website as fact or as a guarantee of performance.

Related CVEs

Security Research Topics

By John Kilhefner
Aug 09, 2022

Analyzing the Quantum Threat

This isn’t just another “next step” of computing… The application of emerging quantum computing tech in the cybersecurity industry will result in arguably the most significant disruption the world has ever seen. Just how can a new evolution of computing do all this? Through the strange world of quantum mechanics.
By Michael Assraf
Aug 08, 2022

An Origin Story: vsociety

Welcome to vsociety – the open, independent, and user-centered community with features built specifically to make vulnerability research shareable and actionable at scale. We don't make many self-posts, but wanted to share our origins with you...
By M /
Aug 08, 2022

Exploiting Google SLO Generator with Python YAML Deserialization Attack

In this blog post, we will be detailing a new vector to exploit a vulnerable version of Google SLO Generator, a widely used Python library publicly available on Github. In other words, we will be searching for an older version that we can exploit to highlight the importance of keeping software packages up to date.
By John Kilhefner
Aug 08, 2022

Blockchain Security -- The New Threat. Part 1.

A new threat is on the horizon. And this new paradigm promises to be the most profound shift for security professionals since the dot-com boom of the nineties. I’m talking about blockchains and decentralized economies in the 2020s. To get a sense for the scope of change in front of us, we need to take a trip down memory lane – to the advent of the internet.
By Kent Weigle
Aug 05, 2022

CISAnalysis 05 August 2022

CVE-2022-27924, a vulnerability published in May 2022, has been added to CISA's Known Exploited Vulnerabilities Catalog.
last_chanse_02.png

Start Closing Security Gaps

  • Risk reduction from Day 1
  • Fast set-up and deployment
  • Unified platform
  • Full-featured 30-day trial
Get a Demo
Start Free Trial!