SSH.NET · CVE-2022-29245
**Name of the Vulnerable Software and Affected Versions**
SSH.NET versions 2020.0.0 through 2020.0.1
**Description**
The issue arises during an `X25519` key exchange, where the client's private key is generated with `System.Random`, which is not a cryptographically secure random number generator. This allows an attacker who can eavesdrop on the communications to decrypt them.
**Recommendations**
For versions 2020.0.0 and 2020.0.1, update to version 2020.0.2 to resolve the issue.
As a temporary workaround, consider disabling support for `curve25519-sha256` and `curve25519-sha256@libssh.org` key exchange algorithms.
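
One way to apply this workaround in client code, as an added example that is not taken from the advisory or the SSH.NET project. It uses SSH.NET's `ConnectionInfo.KeyExchangeAlgorithms` dictionary; the helper name `DisableCurve25519` and the host, user and password values are assumptions made for illustration.

```csharp
// Added example. Host, user name and password are constructed placeholders.
using System;
using Renci.SshNet;

static class KexWorkaround
{
    // The two key exchange algorithms named in the workaround above.
    static readonly string[] Affected =
    {
        "curve25519-sha256",
        "curve25519-sha256@libssh.org",
    };

    // Must run before Connect(): the client builds its key exchange offer
    // from this dictionary when the session starts.
    public static int DisableCurve25519(ConnectionInfo info)
    {
        int removed = 0;
        foreach (var name in Affected)
            if (info.KeyExchangeAlgorithms.Remove(name))
                removed++;

        // Fail early rather than attempt a handshake with nothing to offer.
        if (info.KeyExchangeAlgorithms.Count == 0)
            throw new InvalidOperationException("No key exchange algorithm left to negotiate.");

        return removed;
    }

    static void Main()
    {
        var info = new ConnectionInfo(
            "sftp.example.test", "deploy",
            new PasswordAuthenticationMethod("deploy", "placeholder-password"));

        int removed = DisableCurve25519(info);
        Console.WriteLine("Removed " + removed + " curve25519 entries. Still offered:");

        // Nothing connects here; this only lists what the client would offer.
        foreach (var name in info.KeyExchangeAlgorithms.Keys)
            Console.WriteLine("  " + name);

        // Pass the same ConnectionInfo to the client that connects:
        // using (var client = new SshClient(info)) { client.Connect(); }
    }
}
```

The removal applies only to the `ConnectionInfo` instance it is called on, so every place that constructs a client needs the same call until the package is updated to 2020.0.2.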