Vigil@nce: OpenSSH, information disclosure via CBC
November 2008 by Vigil@nce
SYNTHESIS
An attacker capturing an OpenSSH session has a low probability to
obtain 32 bits of plain text.
Gravity: 1/4
Consequences: data reading
Provenance: LAN
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: unique source (2/5)
Diffusion of the vulnerable configuration: low (1/3)
Creation date: 18/11/2008
IMPACTED PRODUCTS
– OpenSSH
DESCRIPTION
The OpenSSH program encrypts data of sessions using a CBC (Cipher
Block Chaining) algorithm by default.
If an attacker creates an error in the session,
– he has one chance over 262144 (2^18) to obtain 32 bits of the
unencrypted session
– he has one chance over 16384 (2^14) to obtain 14 bits of the
unencrypted session
This attack interrupts the SSH session, so the victim detects that
a problem occurred.
This vulnerability does not impact the CTR (Counter) algorithm.
An attacker capturing an OpenSSH session, and injecting invalid
data, thus has a low probability to obtain some bits of plain text.
CHARACTERISTICS
Identifiers: BID-32319, VIGILANCE-VUL-8251