The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: certcc
Published: 2017-04-04T14:00:00
Updated: 2024-08-05T14:16:28.305Z
Reserved: 2016-12-05T00:00:00
Link: CVE-2017-3204
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2017-04-04T14:59:00.180
Modified: 2020-07-07T18:21:43.420
Link: CVE-2017-3204
Redhat