PT-2020-6184 · Openssh+8

Damien Miller · Published 2020-06-29 · Updated 2026-04-09 · CVE-2020-14145

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: OpenSSH versions 5.7 through 8.4

Description: The client side in OpenSSH has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts where no host key for the server has been cached by the client.

Recommendations: For OpenSSH versions 5.7 through 8.4, update to a version later than 8.4 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Side Channel Attack

Weakness Enumeration

Related Identifiers

ALSA-2021:4368
ALT-PU-2021-2395
ALT-PU-2021-4855
ALT-PU-2024-12010
ALT-PU-2024-12012
ALT-PU-2024-3921
ALT-PU-2024-4077
ALT-PU-2024-4467
ALT-PU-2024-7508
ALT-PU-2024-7510
ALT-PU-2024-7537
ALT-PU-2024-7539
ALT-PU-2024-7599
ALT-PU-2024-7601
ALT-PU-2024-9513
BDU:2021-03494
CESA-2021_4368
CVE-2020-14145
ECHO-06E5-62CC-395F
JLSEC-2026-63
MGASA-2021-0118
OESA-2021-1120
OPENSUSE-SU-2020:2240-1
OPENSUSE-SU-2020:2298-1
OPENSUSE-SU-2020_2240-1
OPENSUSE-SU-2020_2298-1
RHSA-2021:4368
RHSA-2021_4368
RLSA-2021:4368
SUSE-SU-2020:3736-1
SUSE-SU-2020:3844-1
SUSE-SU-2020:3866-1
SUSE-SU-2020:3882-1
SUSE-SU-2020_3736-1
SUSE-SU-2020_3844-1
SUSE-SU-2020_3866-1
SUSE-SU-2020_3882-1
SUSE-SU-2021:0022-1
SUSE-SU-2021_0022-1
USN-6279-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Openssh
Red Hat
Rocky Linux
Suse