I do not know if Absolute Telnet is impacted by this. I'm just passing the info along as I've been getting news alerts about it.
[url= https://www.cve.org/CVERecord?id=CVE-2023-48795 ]CVE Record | CVE[/url]
[url= https://nvd.nist.gov/vuln/detail/CVE-2023-48795 ]NVD - CVE-2023-48795[/url]
I'm looking into it. This is a fairly recent development.
Best practice recommendation is to disable vulnerable algorithms.... ETM macs (options/properties/connection/ssh2/encryption), cbc mode encryptions (same page) as well as ChaCha20-Poly1305 (but Absolute doesn't even implement that)
To disable an algorithm, select it and re-order it below the 'algorithms below this line are disabled' line.
There will likely be a new version coming out to address this specifically. OpenSSH has introduced a feature called "strict key exchange" which is rapidly becoming the de-facto solution for this.
Stay tuned....
Brian
Update have been made that address the Terrapin vulnerability.
See here for details: http://www.celestialsoftware.net/terrapin
Go here to download Absolute 12.11 or higher:
