Title: OpenSSH Flaw Could Leak Crypto Keys Post by: HCK on January 16, 2016, 09:00:18 am OpenSSH Flaw Could Leak Crypto Keys
Qualys on Thursday reported a flaw in the OpenSSH client that could let a hacker steal the client's private crypto keys. The bug is the result of an undocumented feature called "roaming" that exists in version 5.4 and above. It's one of two vulnerabilities that a malicious SSH server or a trusted but compromised server can exploit, Qualys said. The other is a heap-based buffer overflow. Source: OpenSSH Flaw Could Leak Crypto Keys (http://www.technewsworld.com/story/82991.html?rss=1) |