PT-2022-10510 · Openssh+3 · Openssh+3

Manfred-Kaiser

Published

2022-03-12

Updated

2025-11-21

CVE-2021-36368

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 8.9

Description An issue was discovered in OpenSSH where a client using public-key authentication with agent forwarding but without -oLogLevel=verbose may be unable to determine whether FIDO authentication is confirming a connection to the intended server or allowing the server to connect to a different server on the user's behalf, if an attacker has silently modified the server to support the None authentication option.

Recommendations For versions prior to 8.9, update to version 8.9 or later to resolve the issue. As a temporary workaround, consider using -oLogLevel=verbose to increase logging and potentially detect such modifications. Restrict access to the server and limit agent forwarding to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

ALT-PU-2023-4460

ALT-PU-2024-7269

ALT-PU-2024-9513

AZL-9045

BDU:2025-10810

CVE-2021-36368

Affected Products

Alt Linux

Debian

Openssh

Red Os

PT-2022-10510 · Openssh+3 · Openssh+3

CVE-2021-36368

Weakness Enumeration

Related Identifiers

Affected Products

References · 76