PT-2024-10725 · Easymine · Easymine
Published
2024-04-30
·
Updated
2024-07-03
·
CVE-2019-19751
CVSS v3.1
5.6
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
easyMINE versions prior to 2019-12-05
Description
The issue allows man-in-the-middle attacks due to SSH host keys being baked into the installation image. This makes it trivial to identify all public IPv4 nodes using Shodan.io.
Recommendations
For easyMINE versions prior to 2019-12-05, consider regenerating SSH host keys to prevent man-in-the-middle attacks. As a temporary workaround, restrict access to the affected nodes to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Easymine