SSH flaw could still cause problems

May 18, 2009 – 7:18 PM

A highly dangerous SSH flaw discovered a few months ago could still cause your organisation headaches, according to security experts.

The vulnerability was first made public when it emerged last November that researchers at Royal Holloway’s Information Security Group had found the flaw, which could allow hackers access to sensntive data.

SSH, or the Secure Shell Protocol, was designed to provide a secure channel between networked devices by encrypting data and is widely used by system administrators to allow them to securely access remote systems and to transfer sensitive data across the internet, according to the ISG.

The team duly discovered a basic design flaw which opens up the possibility of limited plaintext recovery attacks against SSH.

Although the attack is difficult to achieve, it is a very dangerous flaw given the fact that SSH is meant to be bullet-proof, and because of what it is meant to protect.

Source:
http://www.security-watchdog.co.uk/2009/05/ssh-flaw-could.html