January 15, 2016

Bug That Can Leak Crypto Keys Just Fixed in Widely Used OpenSSH

software-bug-640x404Vulnerability allows malicious servers to read memory on connecting computers. A critical bug that can leak secret cryptographic keys has just just been fixed in OpenSSH, one of the more widely used implementations of the secure shell (SSH) protocol.

The vulnerability resides only in the version end users use to connect to servers and not in versions used by servers. A maliciously configured server could exploit it to obtain the contents of the connecting computer's memory, including the private encryption key used for SSH connections. The bug is the result of code that enables an experimental roaming feature in OpenSSH versions 5.4 to 7.1.

Read more at Ars Technica

Click Here!