Bug 1852930 (CVE-2020-14145) - CVE-2020-14145 openssh: Observable Discrepancy leading to an information leak in the algorithm negotiation
Summary: CVE-2020-14145 openssh: Observable Discrepancy leading to an information leak...
Keywords:
Status: NEW
Alias: CVE-2020-14145
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1852931 1882252 1882253
Blocks: 1852932
TreeView+ depends on / blocked
 
Reported: 2020-07-01 15:34 UTC by Michael Kaplan
Modified: 2021-01-12 16:18 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in OpenSSH in versions 5.7 through 8.3, where an Observable Discrepancy occurs and leads to an information leak in the algorithm negotiation. This flaw allows a man-in-the-middle attacker to target initial connection attempts, where there is no host key for the server that has been cached by the client.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Michael Kaplan 2020-07-01 15:34:33 UTC
The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).

References:

https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1
https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/

Comment 1 Michael Kaplan 2020-07-01 15:34:51 UTC
Created openssh tracking bugs for this issue:

Affects: fedora-all [bug 1852931]

Comment 5 Huzaifa S. Sidhpurwala 2020-07-08 04:33:42 UTC
Statement:

This attack is only feasible when connecting to a malicious man-in-the-middle SSH servers, whose host keys have not been verified by the ssh client side users. The attacker can only detect if the client is using a host key from its key store or new host key has been presented to it. Therefore does not present a real world attack scenario.

Comment 6 Huzaifa S. Sidhpurwala 2020-07-08 04:33:46 UTC
Mitigation:

Always connect to SSH servers with verified host keys to avoid any possibilities of man-in-the-middle attack.

Comment 11 Sebastian Hetze 2020-11-17 10:52:27 UTC
Hi *,

I do not agree with the low impact classification for this bug.

In fact, the information leak allows MitM to filter out target hosts that have stored a previously exchanged host-key and attack only those hosts that go through the initial key exchange procedure.

Most users have limited capabilities to validate the host key fingerprint and therefor accept the first key presented to them.

With the CVE-2020-14145 it is significantly less likely that the MitM will be discovered. Or on the other hand: if this bug is fixed, the MitM faces a substantial risk to be discovered by users that get a warning about host key changed.

For this reason, it is highly desired that this bug will be fixed.

Best regards,

  Sebastian Hetze

Comment 14 Nikhil Joshi 2020-12-01 08:29:12 UTC
Hello Team,

Any updates on this?

Regards,
Nikhil Joshi

Comment 16 Nikhil Joshi 2020-12-08 08:08:22 UTC
Hello,

Any updates on this?

Regards,
Nikhil Joshi


Note You need to log in before you can comment on or make changes to this bug.