CVE-2023-43660

Name of the Vulnerable Software and Affected Versions Warpgate versions prior to 0.8.1

Description The issue is related to errors in cryptographic signature verification, allowing a remote attacker to bypass the authentication process under certain conditions. Specifically, the SSH key verification for a user can be bypassed by sending an SSH key offer without a signature, if the attacker knows the username, a valid target name, and the user's public key, and only SSH public key authentication is required for the user account.

Recommendations For versions prior to 0.8.1, upgrade to version 0.8.1 to address the issue. As a temporary workaround, consider restricting access to SSH public key authentication or requiring additional authentication methods until the upgrade can be applied. Avoid using only SSH public key authentication for user accounts until the issue is resolved.