Impact
When a user has MFA enabled and authenticates with a public key, the Koko SSH server does not verify that the client holds the corresponding SSH private key. An attacker could exploit this by using a disclosed public key to attempt brute-force authentication against the SSH service.
Details
The user 'foo' generated an SSH key pair and registered the public key 'test_id_rsa.pub' in the user settings. An attacker could potentially exploit this by using only that public key to attempt brute-force authentication against the SSH service.
ssh foo@<koko_ip> -p2222 -i test_id_rsa.pub
foo
Please Enter MFA Code.
(foo@<koko_ip>) [OTP Code]:
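The missing check, as an added model in Go (not Koko's own code): an SSH "publickey" request only proves possession of the private key when its signature over session-bound data verifies under the presented key, so a server must never treat a key match or an unsigned key query as a passed authentication step. `vulnerableAuth` models the flaw class described above and `fixedAuth` the correct behaviour; the Ed25519 key type, the function names and the simplified signed-message framing are assumptions for illustration, not the SSH wire format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
)

// pubkeyRequest models an SSH "publickey" userauth request (RFC 4252, section 7): a client may
// first query, without a signature, whether a key is acceptable; only a signed request proves possession.
type pubkeyRequest struct {
	User      string
	PubKey    ed25519.PublicKey
	Signature []byte // nil for a query
}

// authorizedKeys maps a user name to that user's registered public key (one per user here).
type authorizedKeys map[string]ed25519.PublicKey

func (a authorizedKeys) registered(user string, pub ed25519.PublicKey) bool {
	return len(pub) == ed25519.PublicKeySize && bytes.Equal(a[user], pub)
}

// signedData is the session-bound message the client signs: the per-connection session
// identifier (so a captured signature cannot be replayed) plus the request fields.
func signedData(sessionID []byte, user string, pub ed25519.PublicKey) []byte {
	return bytes.Join([][]byte{sessionID, []byte(user), pub}, []byte{0})
}

// vulnerableAuth models the flaw class in the advisory: a registered key is treated as
// authenticated with no signature check, so a leaked .pub file alone reaches the MFA prompt.
func vulnerableAuth(a authorizedKeys, req pubkeyRequest) bool {
	return a.registered(req.User, req.PubKey)
}

// fixedAuth counts the public-key step as passed only when the signature over the
// session-bound data verifies under the presented key; a bare query is never success.
func fixedAuth(a authorizedKeys, sessionID []byte, req pubkeyRequest) (bool, error) {
	if !a.registered(req.User, req.PubKey) {
		return false, errors.New("key not registered for user")
	}
	if req.Signature == nil {
		return false, nil // query: key acceptable, but possession not yet proven
	}
	if !ed25519.Verify(req.PubKey, signedData(sessionID, req.User, req.PubKey), req.Signature) {
		return false, errors.New("signature does not verify: no proof of private key possession")
	}
	return true, nil
}
```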
Patches
Safe versions: >= v3.6.5, == v3.5.6
Workarounds
It is recommended to upgrade to one of the safe versions.
After upgrading, use the following command to check that the vulnerability is fixed; the client should no longer reach the MFA prompt with only the public key:
ssh foo@<koko_ip> -p2222 -i test_id_rsa.pub
Load key "test_id_rsa.pub": invalid format
References
Thanks to Ethan Yang, Hui Song and pokerstarxy for finding and reporting this vulnerability.