logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2022-29245 ssh.net

Package

Manager: nuget
Name: ssh.net
Vulnerable Version: >=0 <2020.0.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00302 pctl0.53009

Details

Weak private key generation in SSH.NET During an **X25519** key exchange, the client’s private is generated with [**System.Random**](https://docs.microsoft.com/en-us/dotnet/api/system.random): ```cs var rnd = new Random(); _privateKey = new byte[MontgomeryCurve25519.PrivateKeySizeInBytes]; rnd.NextBytes(_privateKey); ``` Source: [KeyExchangeECCurve25519.cs](https://github.com/sshnet/SSH.NET/blob/bc99ada7da3f05f50d9379f2644941d91d5bf05a/src/Renci.SshNet/Security/KeyExchangeECCurve25519.cs#L51) Source commit: https://github.com/sshnet/SSH.NET/commit/b58a11c0da55da1f5bad46faad2e9b71b7cb35b3 [**System.Random**](https://docs.microsoft.com/en-us/dotnet/api/system.random) is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes. ### Impact When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be bruteforced. This allows an attacker able to eavesdrop the communications to decrypt them. ### Workarounds To ensure you're not affected by this vulnerability, you can disable support for `curve25519-sha256` and `curve25519-sha256@libssh.org` key exchange algorithms by invoking the following method before a connection is established: ```cs private static void RemoveUnsecureKEX(BaseClient client) { client.ConnectionInfo.KeyExchangeAlgorithms.Remove("curve25519-sha256"); client.ConnectionInfo.KeyExchangeAlgorithms.Remove("curve25519-sha256@libssh.org"); } ``` ### Thanks This issue was initially reported by **Siemens AG, Digital Industries**, shortly followed by @yaumn-synacktiv.

Metadata

Created: 2022-06-01T19:50:15Z
Modified: 2022-06-15T18:57:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-72p8-v4hg-v45p/GHSA-72p8-v4hg-v45p.json
CWE IDs: ["CWE-330", "CWE-338"]
Alternative ID: GHSA-72p8-v4hg-v45p
Finding: F034
Auto approve: 1