Displaying 1 result from an estimated 1 matches for "oskarcz".
Did you mean:
oskar
2012 Aug 31
9
[Bug 2040] New: Downgrade attack vulnerability when checking SSHFP records
...ST be rejected rather than testing the alternative SHA-1 fingerprint.
The current version of SSH does not conform this requirement. Attached
patch fixes this issue.
It can be tested using this command:
$ ssh -vv -o HostKeyAlgorithms=ecdsa-sha2-nistp521 -o
VerifyHostKeyDNS=yes sshfp-test-downgrade.oskarcz.net
(The SSHFP records with SHA-256 digests for hostname
sshfp-test-downgrade.oskarcz.net are intentionally altered.)
--
You are receiving this mail because:
You are watching the assignee of the bug.