CVE-2017-3204 - OpenCVE

The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Golang	Crypto

Configuration 1 [-]

cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/97481	Third Party Advisory VDB Entry
https://bridge.grumpy-troll.org/2017/04/golang-ssh-security/	Third Party Advisory
https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991	Patch Third Party Advisory
https://github.com/golang/go/issues/19767	Third Party Advisory
https://godoc.org/golang.org/x/crypto/ssh	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2017-04-04T14:00:00

Updated: 2017-04-07T09:57:01

Reserved: 2016-12-05T00:00:00

Link: CVE-2017-3204

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-04-04T14:59:00.180

Modified: 2020-07-07T18:21:43.420

Link: CVE-2017-3204

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "SSH library", "vendor": "Go", "versions": [{"status": "affected", "version": "prior to commit e4e2799"}]}], "datePublic": "2017-04-02T00:00:00", "descriptions": [{"lang": "en", "value": "The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-310", "description": "CWE-310", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-04-07T09:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://godoc.org/golang.org/x/crypto/ssh"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/golang/go/issues/19767"}, {"tags": ["x_refsource_MISC"], "url": "https://bridge.grumpy-troll.org/2017/04/golang-ssh-security/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991"}, {"name": "97481", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97481"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2017-3204", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SSH library", "version": {"version_data": [{"version_value": "prior to commit e4e2799"}]}}]}, "vendor_name": "Go"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-310"}]}]}, "references": {"reference_data": [{"name": "https://godoc.org/golang.org/x/crypto/ssh", "refsource": "MISC", "url": "https://godoc.org/golang.org/x/crypto/ssh"}, {"name": "https://github.com/golang/go/issues/19767", "refsource": "CONFIRM", "url": "https://github.com/golang/go/issues/19767"}, {"name": "https://bridge.grumpy-troll.org/2017/04/golang-ssh-security/", "refsource": "MISC", "url": "https://bridge.grumpy-troll.org/2017/04/golang-ssh-security/"}, {"name": "https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991", "refsource": "CONFIRM", "url": "https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991"}, {"name": "97481", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97481"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2017-3204", "datePublished": "2017-04-04T14:00:00", "dateReserved": "2016-12-05T00:00:00", "dateUpdated": "2017-04-07T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C978A0F-3C80-4898-B1B3-DFF7F97D22DF", "versionEndIncluding": "2017-03-17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism."}, {"lang": "es", "value": "La librer\u00eda Go SSH (x/crypto/ssh) por defecto no verifica las claves del host, facilitando ataques man-in-the-middle. El comportamiento predeterminado cambi\u00f3 en commit e4e2799 para requerir el registro expl\u00edcito de un mecanismo de verificaci\u00f3n de hostkey."}], "id": "CVE-2017-3204", "lastModified": "2020-07-07T18:21:43.420", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-04T14:59:00.180", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97481"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://bridge.grumpy-troll.org/2017/04/golang-ssh-security/"}, {"source": "cret@cert.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "https://github.com/golang/go/issues/19767"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "https://godoc.org/golang.org/x/crypto/ssh"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-310"}], "source": "cret@cert.org", "type": "Secondary"}]}