Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03MnA4LXY0aGctdjQ1cM4AArTX
Weak private key generation in SSH.NET
During an X25519 key exchange, the client’s private is generated with System.Random:
var rnd = new Random();
_privateKey = new byte[MontgomeryCurve25519.PrivateKeySizeInBytes];
rnd.NextBytes(_privateKey);
Source: KeyExchangeECCurve25519.cs
Source commit: https://github.com/sshnet/SSH.NET/commit/b58a11c0da55da1f5bad46faad2e9b71b7cb35b3
System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes.
Impact
When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with
a weak random number generator whose seed can be bruteforced. This allows an attacker able to eavesdrop the
communications to decrypt them.
Workarounds
To ensure you're not affected by this vulnerability, you can disable support for curve25519-sha256
and [email protected]
key exchange algorithms by invoking the following method before a connection is established:
private static void RemoveUnsecureKEX(BaseClient client)
{
client.ConnectionInfo.KeyExchangeAlgorithms.Remove("curve25519-sha256");
client.ConnectionInfo.KeyExchangeAlgorithms.Remove("[email protected]");
}
Thanks
This issue was initially reported by Siemens AG, Digital Industries, shortly followed by @yaumn-synacktiv.
Permalink: https://github.com/advisories/GHSA-72p8-v4hg-v45pJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03MnA4LXY0aGctdjQ1cM4AArTX
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Identifiers: GHSA-72p8-v4hg-v45p, CVE-2022-29245
References:
- https://github.com/sshnet/SSH.NET/security/advisories/GHSA-72p8-v4hg-v45p
- https://nvd.nist.gov/vuln/detail/CVE-2022-29245
- https://github.com/sshnet/SSH.NET/commit/03c6d60736b8f7b42e44d6989a53f9b644a091fb
- https://github.com/sshnet/SSH.NET/commit/f1f273cf349532b9d41c1de51d3b83a9accedc88
- https://github.com/sshnet/SSH.NET/blob/bc99ada7da3f05f50d9379f2644941d91d5bf05a/src/Renci.SshNet/Security/KeyExchangeECCurve25519.cs#L51
- https://github.com/sshnet/SSH.NET/releases/tag/2020.0.2
- https://github.com/advisories/GHSA-72p8-v4hg-v45p
Blast Radius: 1.0
Affected Packages
nuget:SSH.NET
Dependent packages: 228Dependent repositories: 0
Downloads: 135,919,570 total
Affected Version Ranges: < 2020.0.2
Fixed in: 2020.0.2
All affected versions: 2011.7.29, 2011.9.28, 2011.12.7, 2012.3.9, 2012.12.3, 2012.20.12, 2012.21.12, 2013.1.8, 2013.1.27, 2013.4.7, 2016.0.0, 2016.1.0, 2020.0.0, 2020.0.1
All unaffected versions: 2020.0.2, 2023.0.0, 2023.0.1, 2024.0.0, 2024.1.0