New SSH vulnerability: CVE-2023-48795

(@taa1)
Trusted Member
Joined: 10 years ago
Posts: 46
Topic starter  

I do not know if Absolute Telnet is impacted by this. I'm just passing the info along as I've been getting news alerts about it.

CVE Record | CVE: https://www.cve.org/CVERecord?id=CVE-2023-48795

NVD - CVE-2023-48795: https://nvd.nist.gov/vuln/detail/CVE-2023-48795


   
(@bpence)
Member Admin
Joined: 6 months ago
Posts: 1398
 

I'm looking into it. This is a fairly recent development.

Best practice recommendation is to disable vulnerable algorithms: ETM MACs (options/properties/connection/ssh2/encryption), CBC mode encryptions (same page), as well as ChaCha20-Poly1305 (but Absolute doesn't even implement that).

To disable an algorithm, select it and re-order it below the 'algorithms below this line are disabled' line.

There will likely be a new version coming out to address this specifically. OpenSSH has introduced a feature called "strict key exchange" which is rapidly becoming the de facto solution for this.

Stay tuned....

Brian


   
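One way to confirm what a peer still advertises after the algorithms are reordered as described in the reply above (an added example, not from the original posts and not Absolute Telnet code): it parses an SSH_MSG_KEXINIT payload and flags the algorithm classes the reply lists, plus the OpenSSH strict key exchange markers. The function names and the sample payload are constructed for illustration.

```python
import struct

# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
STRICT_MARKERS = {"kex-strict-c-v00@openssh.com", "kex-strict-s-v00@openssh.com"}

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload (message type byte onward) into its name-lists."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}                      # skip type byte + 16-byte cookie
    for field in FIELDS:
        (n,) = struct.unpack_from(">I", payload, pos)  # struct.error if cut short
        raw = payload[pos + 4:pos + 4 + n]
        if len(raw) != n:
            raise ValueError("truncated name-list: " + field)
        lists[field] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + n
    return lists

def terrapin_report(lists: dict) -> dict:
    """Flag the algorithm classes named in the reply, and strict KEX support."""
    ciphers = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    macs = set(lists["mac_c2s"]) | set(lists["mac_s2c"])
    return {
        "chacha20_poly1305": sorted(c for c in ciphers if c.startswith("chacha20-poly1305")),
        "cbc_ciphers": sorted(c for c in ciphers if c.endswith("-cbc")),
        "etm_macs": sorted(m for m in macs if "-etm@" in m),
        "strict_kex": bool(STRICT_MARKERS & set(lists["kex"])),
    }

def build_kexinit(lists: dict) -> bytes:
    """Build a constructed KEXINIT payload (zero cookie) for offline testing."""
    out = b"\x14" + bytes(16)
    for field in FIELDS:
        body = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(body)) + body
    return out + b"\x00" + bytes(4)          # first_kex_packet_follows, reserved

# Constructed sample: a peer offering affected algorithms and no strict KEX.
SAMPLE = build_kexinit({
    "kex": ["curve25519-sha256"], "host_key": ["ssh-ed25519"],
    "enc_c2s": ["aes256-ctr", "aes128-cbc"], "enc_s2c": ["aes256-ctr", "aes128-cbc"],
    "mac_c2s": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    "mac_s2c": ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
})
REPORT = terrapin_report(parse_kexinit(SAMPLE))
```

Strict key exchange only takes effect when both peers advertise their marker, so a `strict_kex` of `True` for one side is not sufficient on its own.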
(@bpence)
Member Admin
Joined: 6 months ago
Posts: 1398
 

Updates have been made that address the Terrapin vulnerability.

See here for details: http://www.celestialsoftware.net/terrapin

Go here to download Absolute 12.11 or higher:

https://www.celestialsoftware.net/download-page.html


   