An information leak in OpenSSH 5.7-8.3 and PuTTY 0.68-0.73 allows an attacker to carry out targeted man-in-the-middle attacks. The vulnerabilities have been assigned CVE-2020-14002 and CVE-2020-14145. Users can protect themselves by always verifying the server's fingerprint during an initial connection attempt.
The full report is available for download here.
Permalink to this entry: https://url.fzi.de/en-vulns-ssh