[Bug 3711] New: How do you defend against the D (HE) ater attack?

bugzilla-daemon Tue, 16 Jul 2024 05:15:00 -0700

https://bugzilla.mindrot.org/show_bug.cgi?id=3711


            Bug ID: 3711
           Summary: How do you defend against the D (HE) ater attack?
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: security
          Priority: P5
         Component: sshd
          Assignee: [email protected]
          Reporter: [email protected]

The Diffie-Hellman key agreement protocol allows a remote attacker
(from the client) to send arbitrary numbers that are not actually
public keys and trigger an expensive server-side DHE modular
exponentiation, i.e., a D (HE) at or D (HE) ater attack. The issue has
been flagged as a vulnerability, CVE-2002-20001 and CVE-2022-40735. Is
there a way to fix this vulnerability in openssh?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3711] New: How do you defend against the D (HE) ater attack?

Reply via email to