CVE-2010-4478

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
openbsdopenssh
𝑥
≤ 5.6
openbsdopenssh
1.2
openbsdopenssh
1.2.1
openbsdopenssh
1.2.2
openbsdopenssh
1.2.3
openbsdopenssh
1.2.27
openbsdopenssh
1.3
openbsdopenssh
1.5
openbsdopenssh
1.5.7
openbsdopenssh
1.5.8
openbsdopenssh
2.1
openbsdopenssh
2.1.1
openbsdopenssh
2.2
openbsdopenssh
2.3
openbsdopenssh
2.3.1
openbsdopenssh
2.5
openbsdopenssh
2.5.1
openbsdopenssh
2.5.2
openbsdopenssh
2.9
openbsdopenssh
2.9.9
openbsdopenssh
2.9.9p2:p2
openbsdopenssh
2.9p1:p1
openbsdopenssh
2.9p2:p2
openbsdopenssh
3.0
openbsdopenssh
3.0.1
openbsdopenssh
3.0.1p1:p1
openbsdopenssh
3.0.2
openbsdopenssh
3.0.2p1:p1
openbsdopenssh
3.0p1:p1
openbsdopenssh
3.1
openbsdopenssh
3.1p1:p1
openbsdopenssh
3.2
openbsdopenssh
3.2.2
openbsdopenssh
3.2.2p1:p1
openbsdopenssh
3.2.3p1:p1
openbsdopenssh
3.3
openbsdopenssh
3.3p1:p1
openbsdopenssh
3.4
openbsdopenssh
3.4p1:p1
openbsdopenssh
3.5
openbsdopenssh
3.5p1:p1
openbsdopenssh
3.6
openbsdopenssh
3.6.1
openbsdopenssh
3.6.1p1:p1
openbsdopenssh
3.6.1p2:p2
openbsdopenssh
3.7
openbsdopenssh
3.7.1
openbsdopenssh
3.7.1p1:p1
openbsdopenssh
3.7.1p2:p2
openbsdopenssh
3.8
openbsdopenssh
3.8.1
openbsdopenssh
3.8.1p1:p1
openbsdopenssh
3.9
openbsdopenssh
3.9.1
openbsdopenssh
3.9.1p1:p1
openbsdopenssh
4.0
openbsdopenssh
4.0p1:p1
openbsdopenssh
4.1
openbsdopenssh
4.1p1:p1
openbsdopenssh
4.2
openbsdopenssh
4.2p1:p1
openbsdopenssh
4.3
openbsdopenssh
4.3p1:p1
openbsdopenssh
4.3p2:p2
openbsdopenssh
4.4
openbsdopenssh
4.4p1:p1
openbsdopenssh
4.5
openbsdopenssh
4.6
openbsdopenssh
4.7
openbsdopenssh
4.7p1:p1
openbsdopenssh
4.8
openbsdopenssh
4.9
openbsdopenssh
5.0
openbsdopenssh
5.1
openbsdopenssh
5.2
openbsdopenssh
5.3
openbsdopenssh
5.4
openbsdopenssh
5.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssh
bullseye (security)
1:8.4p1-5+deb11u3
fixed
bullseye
1:8.4p1-5+deb11u3
fixed
bookworm
1:9.2p1-2+deb12u3
fixed
bookworm (security)
1:9.2p1-2+deb12u3
fixed
sid
1:9.9p1-3
fixed
trixie
1:9.9p1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openssh
maverick
not-affected
lucid
not-affected
karmic
not-affected
hardy
not-affected
dapper
not-affected
Common Weakness Enumeration
References
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h
https://bugzilla.redhat.com/show_bug.cgi?id=659297
https://github.com/seb-m/jpake
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h
https://bugzilla.redhat.com/show_bug.cgi?id=659297
https://github.com/seb-m/jpake
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338