openSSH and SLOTH vulnerability

Hi

I have 2 questions related to info in the SLOTH article, can someone help with these?

1. For SSH2 exposure for the (CVE-2015-7575) SLOTH (http://www.mitls.org/pages/attacks/SLOTH), the chart in that URL identifies a downgrade attack for SSH2 protocol, Key Exchange Integrity SHA1. Is the remediation for that vulnerability to modify the config files to remove the MD5 and SHA1 as MACs (Message Authentication Codes)?

2. Is there any exposure related to using the ssh-keygen for the initial creation of the public/private key pairs or the exposure of the related fingerprint used (https://en.wikipedia.org/wiki/Public_key_fingerprint)?

Thanks


Regards
Sandeep

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
