Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Weak private key generation in SSH.NET
Vulnerability Description
SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an `X25519` key exchange, the client’s private key is generated with `System.Random`. `System.Random` is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes. When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be brute forced. This allows an attacker who is able to eavesdrop on the communications to decrypt them. Version 2020.0.2 contains a patch for this issue. As a workaround, one may disable support for `curve25519-sha256` and `curve25519-sha256@libssh.org` key exchange algorithms.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
使用具有密码学弱点缺陷的PRNG
Vulnerability Title
SSH.NET 安全特征问题漏洞
Vulnerability Description
SSH.NET是 .NET 的SSH库,针对并行进行了优化。 SSH.NET 2020.0.0 版本和 2020.0.1 版本存在安全特征问题漏洞,该漏洞源于在 X25519 密钥交换期间,客户端的私钥使用 System.Random 生成。System.Random 不是加密安全的随机数生成器,因此不得用于加密目的。
CVSS Information
N/A
Vulnerability Type
N/A