Bug 1190600 (CVE-2016-20012) - VUL-1: CVE-2016-20012: openssh: OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs becaus
Summary: VUL-1: CVE-2016-20012: openssh: OpenSSH through 8.7 allows remote attackers, ...
Status: RESOLVED FIXED
Alias: CVE-2016-20012
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low; Severity: Minor
Target Milestone: ---
Assignee: Hans Petter Jansson
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/310247/
Whiteboard: CVSSv3.1:SUSE:CVE-2016-20012:3.7:(AV:...
 
Reported: 2021-09-17 11:07 UTC by Marcus Meissner
Modified: 2024-07-03 08:02 UTC

Found By: Security Response Team


Description Marcus Meissner 2021-09-17 11:07:35 UTC
CVE-2016-20012

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain
combination of username and public key is known to an SSH server, to test
whether this suspicion is correct. This occurs because a challenge is sent only
when that combination could be valid for a login session.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-20012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-20012
https://github.com/openssh/openssh-portable/blob/d0fffc88c8fe90c1815c6f4097bc8cbcabc0f3dd/auth2-pubkey.c#L261-L265
https://github.com/openssh/openssh-portable/pull/270
https://rushter.com/blog/public-ssh-keys/
https://utcc.utoronto.ca/~cks/space/blog/tech/SSHKeysAreInfoLeak
Comment 1 Marcus Meissner 2021-09-17 13:26:39 UTC
https://github.com/openssh/openssh-portable/pull/270

contains dispute notice by openssh development.

(now for lots of customers wanting the fix.... :/ )
Comment 2 Marcus Meissner 2022-03-16 16:46:47 UTC
Upstream is currently not considering this a serious security issue.

We are currently not planning to address this, but would pick up fixes if upstream ever goes on fixing it.