Vigil@nce: OpenSSH, information disclosure via CBC
November 2008 by Vigil@nce
An attacker capturing an OpenSSH session has a low probability to obtain 32 bits of plain text.
Consequences: data reading
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: unique source (2/5)
Diffusion of the vulnerable configuration: low (1/3)
Creation date: 18/11/2008
The OpenSSH program encrypts data of sessions using a CBC (Cipher Block Chaining) algorithm by default.
If an attacker creates an error in the session,
he has one chance over 262144 (2^18) to obtain 32 bits of the unencrypted session
he has one chance over 16384 (2^14) to obtain 14 bits of the unencrypted session This attack interrupts the SSH session, so the victim detects that a problem occurred.
This vulnerability does not impact the CTR (Counter) algorithm.
An attacker capturing an OpenSSH session, and injecting invalid data, thus has a low probability to obtain some bits of plain text.
Identifiers: BID-32319, VIGILANCE-VUL-8251