CVE-2023-51384

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 9.6

Description The issue is related to errors in key management in the ssh-agent tool of OpenSSH. It allows an attacker to disclose protected information by exploiting certain destination constraints that are not fully applied when adding PKCS#11-hosted private keys. Specifically, when destination constraints are specified, they are only applied to the first key, even if a PKCS#11 token returns multiple keys. This can be exploited by sending a specially crafted request to obtain sensitive information, which can then be used to launch further attacks against the affected system.

Recommendations For OpenSSH versions prior to 9.6, update to OpenSSH 9.6 to resolve the issue. As a temporary workaround, consider restricting the use of PKCS#11-hosted private keys until a patch is available. Avoid using the PKCS#11 token in the affected ssh-agent tool to minimize the risk of exploitation.