GHSA-72p8-v4hg-v45p

Suggest an improvement
Source
https://github.com/advisories/GHSA-72p8-v4hg-v45p
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-72p8-v4hg-v45p/GHSA-72p8-v4hg-v45p.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-72p8-v4hg-v45p
Aliases
Published
2022-06-01T19:50:15Z
Modified
2023-11-08T04:09:12.044025Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Weak private key generation in SSH.NET
Details

During an X25519 key exchange, the client’s private is generated with System.Random:

var rnd = new Random();
_privateKey = new byte[MontgomeryCurve25519.PrivateKeySizeInBytes];
rnd.NextBytes(_privateKey);

Source: KeyExchangeECCurve25519.cs
Source commit: https://github.com/sshnet/SSH.NET/commit/b58a11c0da55da1f5bad46faad2e9b71b7cb35b3

System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes.

Impact

When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be bruteforced. This allows an attacker able to eavesdrop the communications to decrypt them.

Workarounds

To ensure you're not affected by this vulnerability, you can disable support for curve25519-sha256 and curve25519-sha256@libssh.org key exchange algorithms by invoking the following method before a connection is established:

private static void RemoveUnsecureKEX(BaseClient client)
{
    client.ConnectionInfo.KeyExchangeAlgorithms.Remove("curve25519-sha256");
    client.ConnectionInfo.KeyExchangeAlgorithms.Remove("curve25519-sha256@libssh.org");
}

Thanks

This issue was initially reported by Siemens AG, Digital Industries, shortly followed by @yaumn-synacktiv.

Database specific
{
    "nvd_published_at": "2022-05-31T17:15:00Z",
    "github_reviewed_at": "2022-06-01T19:50:15Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-330",
        "CWE-338"
    ]
}
References

Affected packages

NuGet / SSH.NET

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2020.0.2

Affected versions

2011.*

2011.7.29
2011.9.28
2011.12.7

2012.*

2012.3.9
2012.12.3
2012.20.12
2012.21.12

2013.*

2013.1.8
2013.1.27
2013.4.7

2014.*

2014.4.6-beta1
2014.4.6-beta2

2016.*

2016.0.0-beta1
2016.0.0-beta2
2016.0.0-beta3
2016.0.0
2016.1.0-beta1
2016.1.0-beta2
2016.1.0-beta3
2016.1.0-beta4
2016.1.0

2020.*

2020.0.0-beta1
2020.0.0
2020.0.1