Unknown · Jumpserver · CVE-2023-42818
**Name of the Vulnerable Software and Affected Versions**
JumpServer versions prior to 3.5.6
JumpServer versions prior to 3.6.5
**Description**
The issue lies in the Koko SSH server component of JumpServer, an open source bastion host. When a user has MFA enabled and authenticates with an SSH public key, the Koko SSH server does not verify that the client holds the corresponding SSH private key. An attacker could exploit this by using a disclosed public key to attempt brute-force authentication against the SSH service.
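As an added illustration, not code from the advisory or from the JumpServer project, the following Go program models the check an SSH server must make in the "publickey" method: a registered public key alone proves nothing, so the server has to verify the client's signature over the session-bound data defined in RFC 4252 before accepting the login. The `vulnerableAuth` and `hardenedAuth` functions, the user name, the key seed and the session id are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

type keyring map[string]bool // a user's registered public keys, indexed by raw key bytes

// sshString encodes b as an SSH "string": big-endian uint32 length, then the bytes (RFC 4251).
func sshString(b []byte) []byte {
	out := make([]byte, 4, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	return append(out, b...)
}

// signedData is what the client signs for "publickey" auth (RFC 4252 section 7); the session id binds it to this connection.
func signedData(sessionID []byte, user string, pub ed25519.PublicKey) []byte {
	var buf bytes.Buffer
	buf.Write(sshString(sessionID))
	buf.WriteByte(50) // SSH_MSG_USERAUTH_REQUEST
	buf.Write(sshString([]byte(user)))
	buf.Write(sshString([]byte("ssh-connection")))
	buf.Write(sshString([]byte("publickey")))
	buf.WriteByte(1) // TRUE: a signature follows
	buf.Write(sshString([]byte("ssh-ed25519")))
	buf.Write(sshString(pub))
	return buf.Bytes()
}

// vulnerableAuth models the advisory's flaw class: a registered public key is accepted on its own; sig is never checked.
func vulnerableAuth(keys keyring, pub ed25519.PublicKey, _ []byte) bool {
	return keys[string(pub)]
}

// hardenedAuth also requires a valid signature over the session-bound data, which only the private key holder can produce.
func hardenedAuth(keys keyring, sessionID []byte, user string, pub ed25519.PublicKey, sig []byte) bool {
	return keys[string(pub)] && ed25519.Verify(pub, signedData(sessionID, user, pub), sig)
}

func main() {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{7}, ed25519.SeedSize)) // constructed test key
	pub := priv.Public().(ed25519.PublicKey)
	keys, sid := keyring{string(pub): true}, []byte("constructed-session-id")
	forged := make([]byte, ed25519.SignatureSize) // all an attacker holding only the public key can send
	fmt.Println("forged sig -> vulnerable:", vulnerableAuth(keys, pub, forged), "hardened:", hardenedAuth(keys, sid, "alice", pub, forged))
	fmt.Println("real sig   -> hardened:", hardenedAuth(keys, sid, "alice", pub, ed25519.Sign(priv, signedData(sid, "alice", pub))))
}
```

Because the signed data includes the session id and user name, a signature captured from one session cannot be replayed into another, which is what makes the hardened check a proof of possession rather than a lookup.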
**Recommendations**
For versions prior to 3.5.6, upgrade to version 3.5.6 or later.
For versions prior to 3.6.5, upgrade to version 3.6.5 or later.
As a temporary workaround, consider disabling public-key authentication until the fixed version can be applied.
Restrict access to the SSH service to minimize the risk of exploitation.