OpenSSH · OpenSSH · CVE-2021-36368
**Name of the Vulnerable Software and Affected Versions**
OpenSSH versions prior to 8.9
**Description**
An issue was discovered in OpenSSH before 8.9. When a client uses public-key authentication with agent forwarding enabled but without -oLogLevel=verbose, and an attacker has silently modified the server to offer the None authentication method, the user cannot tell whether the FIDO authentication prompt is confirming the connection to the intended server or is allowing that server to connect to a different server on the user's behalf.
**Recommendations**
For versions prior to 8.9, update to version 8.9 or later to resolve the issue. As a temporary workaround, consider using -oLogLevel=verbose to increase logging and potentially detect such modifications. Restrict access to the server and limit agent forwarding to minimize the risk of exploitation.
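The two client-side mitigations above (a client of 8.9 or later, and VERBOSE logging wherever agent forwarding is enabled) can be audited with a small script. This is an added example, not part of the advisory or of OpenSSH itself; it assumes `ssh -V` prints a string beginning `OpenSSH_X.Y` and reads an ssh_config-style file, with the simplification that a Host block's own value overrides the global default rather than ssh_config's first-match rule.

```shell
#!/bin/sh
# Added example (not from the advisory or OpenSSH): check the client version
# and find Host blocks that forward the agent without LogLevel VERBOSE.

# openssh_fixed VERSION_STRING -> 0 if 8.9 or later, 1 if older, 2 if unparsable.
# On a real client: openssh_fixed "$(ssh -V 2>&1)"   (ssh -V prints to stderr)
openssh_fixed() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver                      # $1 = major, $2 = minor
    [ "$1" -gt 8 ] || { [ "$1" -eq 8 ] && [ "$2" -ge 9 ]; }
}

# risky_hosts [CONFIG_FILE] -> prints each Host block whose effective ForwardAgent
# is yes while LogLevel is below VERBOSE; exits 1 if any were printed.
# Reads stdin when no file is given. Assumption: block value overrides global default.
risky_hosts() {
    awk '
    function flush(   k, fa, ll) {
        if (host != "") {
            fa = (block["forwardagent"] != "") ? block["forwardagent"] : def["forwardagent"]
            ll = (block["loglevel"] != "") ? block["loglevel"] : def["loglevel"]
            if (tolower(fa) == "yes" && tolower(ll) !~ /^(verbose|debug[0-9]?)$/) {
                print host; found = 1
            }
        }
        for (k in block) delete block[k]
    }
    /^[ \t]*(#|$)/ { next }                                # comments and blank lines
    {
        sub(/^[ \t]+/, ""); gsub(/[ \t]*=[ \t]*/, " ")     # "Key value" or "Key=value"
        key = tolower($1); val = $2
        if (key == "host") { flush(); host = val; for (i = 3; i <= NF; i++) host = host " " $i; next }
        if (host == "") def[key] = val; else block[key] = val
    }
    END { flush(); exit (found ? 1 : 0) }
    ' ${1:+"$1"}
}

# Constructed sample ssh_config (not taken from any real system).
SAMPLE_CONFIG='
LogLevel INFO
Host bastion
    ForwardAgent yes
    LogLevel VERBOSE
Host jump
    ForwardAgent yes
Host *.internal
    ForwardAgent no
'
printf '%s\n' "$SAMPLE_CONFIG" | risky_hosts || echo "^ forwards the agent without LogLevel VERBOSE"
openssh_fixed "OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1n" || echo "client older than 8.9: update"
```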