CVE-2010-4478
published 2010-12-06CVE-2010-4478: OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to…
PriorityP347critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
4.24%
89.8th percentile
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
Affected
79 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | — | — |
| openbsd | openssh | <= 5.6 | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_debian7.5LOW
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
openssh: J-PAKE authentication bypass
vendor_redhat·2010-09-20·CVSS 7.5
CVE-2010-4478 [HIGH] CWE-284 openssh: J-PAKE authentication bypass
openssh: J-PAKE authentication bypass
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
Statement: Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Debian
CVE-2010-4478: openssh - OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the ...
vendor_debian·2010·CVSS 7.5
CVE-2010-4478 [HIGH] CVE-2010-4478: openssh - OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the ...
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
VulDB
OpenSSH up to 3.9 improper authentication (Bug 659297 / Nessus ID 44081)
vuldb·2026-05-29·CVSS 9.8
CVE-2010-4478 [CRITICAL] OpenSSH up to 3.9 improper authentication (Bug 659297 / Nessus ID 44081)
A vulnerability was found in OpenSSH up to 3.9 and classified as problematic. This affects an unknown part. Such manipulation leads to improper authentication.
This vulnerability is referenced as CVE-2010-4478. It is possible to launch the attack remotely. No exploit is available.
GHSA
GHSA-7m62-4jfr-67wh: OpenSSH 5
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2010-4478 [HIGH] CWE-287 GHSA-7m62-4jfr-67wh: OpenSSH 5
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
No detection rules found.
No public exploits indexed.
arXiv
Understanding Internet of Things Malware by Analyzing Endpoints in their Static Artifacts
arxiv_fulltext·2021-03-26
Understanding Internet of Things Malware by Analyzing Endpoints in their Static Artifacts
Understanding Internet of Things Malware by Analyzing Endpoints in their Static Artifacts
Afsah Anwar^1, Jinchun Choi^1,2, Abdulrahman Alabduljabbar^1, Hisham Alasmary^1,3,
Jeffrey Spaulding^4, An Wang^5, Songqing Chen^6, DaeHun Nyang^7, Amro Awad^8, and David Mohaisen^1
^1 University of Central Florida
2mm^2 Texas A&M University 2mm^3 King Khalid University 2mm^4 Canisius College
2mm^5 Case Western Reserve University
2mm^6 GMU 2mm^7 Ewha Womans University 2mm^8 NCSU
## Abstract
The lack of security measures among the Internet of Things (IoT) devices and their persistent online connection gives adversaries a prime opportunity to target them or even abuse them as intermediary targets in larger attacks such as distributed denial-of-service (DDoS) campaigns. In this paper, we analyze IoT m
Bugzilla
CVE-2010-4478 openssh: J-PAKE authentication bypass
bugzilla·2010-12-07·CVSS 7.5
CVE-2010-4478 [HIGH] CVE-2010-4478 openssh: J-PAKE authentication bypass
CVE-2010-4478 openssh: J-PAKE authentication bypass
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4478 to the following vulnerability:
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
References:
http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf
https://github.com/seb-m/jpake
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5
Discussion:
As noted in Sébastien Martini's paper, J-PAKE support in OpenSSH is experimental work-in-progress. It's not enabled in Red
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdfhttp://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=hhttps://bugzilla.redhat.com/show_bug.cgi?id=659297https://github.com/seb-m/jpakehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdfhttp://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=hhttps://bugzilla.redhat.com/show_bug.cgi?id=659297https://github.com/seb-m/jpakehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338
2010-12-06
Published