CVE-2010-4478 — Improper Access Control in Openssh

CWE-284 — Improper Access Control CWE-287 — Improper Authentication6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 36.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh

Timeline

PublishedDec 6

Latest updateMay 17

Description

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDopenbsd/openssh5.6+77

Patches

Patch: www.openbsd.org ↗Patch: bugzilla.redhat.com ↗Patch: www.openbsd.org ↗

🔴Vulnerability Details

GHSA

GHSA-7m62-4jfr-67wh: OpenSSH 5↗2022-05-17

▶

CVEList

CVE-2010-4478: OpenSSH 5↗2010-12-06

▶

📋Vendor Advisories

Red Hat

openssh: J-PAKE authentication bypass↗2010-09-20

▶

Debian

CVE-2010-4478: openssh - OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the ...↗2010

▶

💬Community

Bugzilla

CVE-2010-4478 openssh: J-PAKE authentication bypass↗2010-12-07

▶