Cryptographic Issues
CVE-2017-3204
Summary
The Go SSH library (x/crypto/ssh) version prior to v0.0.0-20170330155735-e4e2799dd7aa by default does not verify host keys, facilitating Man-In-The-Middle attacks. The default behavior was changed to explicitly require the host keys verification mechanism. Now, a missing "HostKeyCallback" will cause the handshake to fail.
- HIGH
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-310 - Cryptographic Issues
Cryptographic issues is a category of weaknesses related to the design and implementation of the confidentiality and integrity of data. If not addressed, the weaknesses in this category can lead to data quality degradation.
Advisory Timeline
- Published