PT-2024-10728 · Hiveos · Hiveos

Published 2024-04-30 · Updated 2024-11-06 · CVE-2019-19754

CVSS v3.1: 5.7 (Medium)

Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

HiveOS versions 0.6-102@191212 and earlier

Description

The issue allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io, as SSH host keys are baked into the installation image. The vendor indicated that they would consider fixing this as of 2019-09-26.

Recommendations

For HiveOS versions 0.6-102@191212 and earlier, consider regenerating SSH host keys to prevent man-in-the-middle attacks. At the moment, there is no information about a newer version that contains a fix for this issue.
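
The recommendation above, as an added example that is not part of the advisory or any vendor code: a fleet audit that flags hosts presenting the same SSH host key, plus a per-host regeneration step. The function names, the `ssh-keyscan`-style input format, the stock OpenSSH `/etc/ssh` paths and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Input lines follow ssh-keyscan output: "host keytype base64key".

# Print each host key presented by more than one host: "count hosts keytype key".
find_shared_hostkeys() {
    awk '
        /^#/ || NF < 3 { next }              # skip banner comments and short lines
        {
            k = $2 " " $3
            if (!seen[k, $1]++) {             # count each host once per key
                n[k]++
                hosts[k] = hosts[k] (hosts[k] ? "," : "") $1
            }
        }
        END { for (k in n) if (n[k] > 1) print n[k], hosts[k], k }
    ' | sort
}

# Replace the image-supplied host keys on this machine (run as root).
# Assumes stock OpenSSH paths; restart sshd afterwards and update the
# known_hosts entries of clients that had pinned the old key.
regen_hostkeys() {
    for pub in /etc/ssh/ssh_host_*_key.pub; do
        if [ -f "$pub" ]; then echo "old: $(ssh-keygen -lf "$pub")"; fi
    done
    rm -f /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub
    ssh-keygen -A || return 1                # recreate the default host key types
    for pub in /etc/ssh/ssh_host_*_key.pub; do
        echo "new: $(ssh-keygen -lf "$pub")"
    done
}

# Constructed sample scan (documentation addresses, placeholder key material).
sample_scan() {
    cat <<'EOF'
# 192.0.2.10:22 SSH-2.0-OpenSSH
192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIMAGEKEYCONSTRUCTED0001
192.0.2.11 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIMAGEKEYCONSTRUCTED0001
192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIMAGEKEYCONSTRUCTED0001
192.0.2.12 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIUNIQUEKEYCONSTRUCTED002
EOF
}

sample_scan | find_shared_hostkeys
```

Any host listed by `find_shared_hostkeys` is still using a key it shares with another machine and should have `regen_hostkeys` run on it; an empty result after regeneration confirms each rig now has its own key.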

Related Identifiers

CVE-2019-19754

Affected Products

Hiveos