SecurityHome.eu Security vulnerability: Pexip Infinity Non-Unique SSH Host Keys

Home / vulnerabilities PDF

Pexip Infinity Non-Unique SSH Host Keys
Posted on 30 January 2015
Source : packetstormsecurity.org Link

Summary
=======

The operating system used by Pexip Infinity does not create unique SSH
host keys on deployment of new Management and Conferencing Nodes, using
fixed host keys instead. Host keys are used to verify the identity of
the remote host when connecting to it over SSH. These keys are contained
in the publicly available software image.

An attacker with privileged network access may make use of these keys to
spoof the identity of a Pexip Infinity installation or conduct
man-in-the-middle attacks on administrative SSH sessions. This may
permit the attacker access to credentials used to authenticate sessions
over SSH and provide shell access to the affected systems.

This issue is resolved in Pexip Infinity version 8.

References
=========
CVE-2014-8779
http://pexip.com/security-bulletins

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20