The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.01254}

epss

{'score': 0.01695}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T12:39:36.101Z

Reserved: 2020-06-15T00:00:00

Link: CVE-2020-14145

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-06-29T18:15:11.940

Modified: 2024-11-21T05:02:44.080

Link: CVE-2020-14145

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-06-29T00:00:00Z

Links: CVE-2020-14145 - Bugzilla

cve-icon OpenCVE Enrichment

No data.