Closed
Description
Hi!
Is this library affected by the Terrapin Vulnerability ?
I tried this library with Terrapin-Scanner and the output of the scanner says that SSHJ is affected:
G:\Downloads>Terrapin_Scanner_Windows_amd64.exe --listen 2222
Listening for incoming client connection on 127.0.0.1:2222
================================================================================
==================================== Report ====================================
================================================================================
Remote Banner: SSH-2.0-SSHJ_0.37.0
ChaCha20-Poly1305 support: true
CBC-EtM support: true
Strict key exchange support: false
==> The scanned peer is VULNERABLE to Terrapin.
Note: This tool is provided as is, with no warranty whatsoever. It determines
the vulnerability of a peer by checking the supported algorithms and
support for strict key exchange. It may falsely claim a peer to be
vulnerable if the vendor supports countermeasures other than strict key
exchange.
For more details visit our website available at https://terrapin-attack.com
Metadata
Metadata
Assignees
Labels
No labels