Forum

New SSH vulnerabili...
 
Notifications
Clear all

New SSH vulnerability: CVE-2023-48795

0 Posts
2 Users
0 Reactions
810 Views
(@taa1)
Trusted Member
Joined: 10 years ago
Posts: 46
Topic starter  

I do not know if Absolute Telnet is impacted by this. I'm just passing the info along as I've been getting news alerts about it.

CVE Record | CVE

NVD - CVE-2023-48795

This post was modified 7 months ago 2 times by bpence

   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

I'm looking into it. This is a fairly recent development.

Best practice recommendation is to disable vulnerable algorithms.... ETM macs (options/properties/connection/ssh2/encryption), cbc mode encryptions (same page) as well as ChaCha20-Poly1305 (but Absolute doesn't even implement that)

To disable an algorithm, select it and re-order it below the 'algorithms below this line are disabled' line.

There will likely be a new version coming out to address this specifically. OpenSSH has introduced a feature called "strict key exchange" which is rapidly becoming the de-facto solution for this.

Stay tuned....

Brian


   
ReplyQuote
(@bpence)
Member Admin
Joined: 1 year ago
Posts: 1375
 

Update have been made that address the Terrapin vulnerability.

See here for details: http://www.celestialsoftware.net/terrapin

Go here to download Absolute 12.11 or higher:

https://www.celestialsoftware.net/download-page.html


   
ReplyQuote
Share: