CVE-2021-36369 — Improper Authentication in Dropbear

CWE-287 — Improper Authentication7 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 65.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dropbear SSH Project Dropbear SSH Debian Dropbear Debian Linux

Timeline

PublishedOct 12

Latest updateFeb 25

Description

An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/dropbear< dropbear 2022.82-1 (bookworm)

▶Debiandropbear_ssh_project/dropbear_ssh< 2020.81-3+deb11u1+3

▶Ubuntudropbear_ssh_project/dropbear_ssh< 2020.81-5ubuntu0.1+2

▶NVDdropbear_ssh_project/dropbear_ssh2020.81

Also affects: Debian Linux 10.0

🔴Vulnerability Details

OSV

Several security issues were fixed in Dropbear↗2025-02-25

▶

GHSA

GHSA-mwx5-864v-x3jc: An issue was discovered in Dropbear through 2020↗2022-10-13

▶

OSV

CVE-2021-36369: An issue was discovered in Dropbear through 2020↗2022-10-12

▶

📋Vendor Advisories

Ubuntu

Dropbear vulnerabilities↗2025-02-25

▶

CISA ICS

Siemens SCALANCE XCM-/XRM-300↗2024-02-15

▶

Debian

CVE-2021-36369: dropbear - An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant ...↗2021

▶