Incorrect Implementation of Authentication Algorithm Affecting golang.org/x/crypto/ssh package, versions <0.31.0


Severity: critical

CVSS assessment made by Snyk's Security Team.

Threat Intelligence

EPSS
0.05% (18th percentile)

  • Snyk ID: SNYK-GOLANG-GOLANGORGXCRYPTOSSH-8496611
  • published: 12 Dec 2024
  • disclosed: 11 Dec 2024
  • credit: Jules Duvivier, Damien Tournoud, Vince Parker, Patrick Dawkins

Introduced: 11 Dec 2024

CVE-2024-45337
CWE-303

How to fix?

Upgrade golang.org/x/crypto/ssh to version 0.31.0 or higher.

Overview

golang.org/x/crypto/ssh is an SSH client and server.

Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm when an application assumes that the key passed in the last ServerConfig.PublicKeyCallback call before a connection is established is the key used for authentication. That key is not necessarily the authentication key in use, and this allows attackers who can control the key cache by making their own carefully-timed connections to bypass authorization with subsequent legitimate ServerConfig.PublicKeyCallback callbacks.

Note: The caching behavior assumed of this callback is not documented, so relying on it is considered human error, but the project maintainers have observed reliance on it for authorization decisions in production. In fact, the assumption is negated in the documentation, which states "A call to this function does not guarantee that the key offered is in fact used to authenticate." After upgrading, an attacker may still be able to force their own key to be the one in the cache when the callback is invoked, if the client is using a different authentication method such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. It is therefore recommended to rely on the return values of the connection itself, found in ServerConn.Permissions, for further authorization steps.
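The pattern the note warns about, next to the recommended one, as an added example (not code from golang.org/x/crypto/ssh or from this advisory). It is a standard-library-only model: Permissions, handshake, the fingerprints and the "pubkey-fp" extension name are simplified, constructed stand-ins for the package's types and for an application's data.

```go
package main

import (
	"errors"
	"fmt"
)

// Permissions is a stand-in for ssh.Permissions; only Extensions is modelled.
type Permissions struct{ Extensions map[string]string }

// Constructed sample data: key fingerprint -> account.
var authorized = map[string]string{"SHA256:key-A": "alice", "SHA256:key-B": "bob"}

// handshake models the server: cb runs for every offered key, but only the
// Permissions returned for the key that authenticates (offered[used]) are kept.
func handshake(cb func(string) (*Permissions, error), offered []string, used int) (*Permissions, error) {
	var conn *Permissions
	authErr := errors.New("no key authenticated")
	for i, fp := range offered {
		if p, err := cb(fp); i == used {
			conn, authErr = p, err
		}
	}
	return conn, authErr
}

// authorize runs one modelled handshake and returns the account picked by the
// flawed "last key seen" cache and the one bound to the connection's Permissions.
func authorize(offered []string, used int) (fromCache, fromConn string) {
	var lastSeen string
	cb := func(fp string) (*Permissions, error) {
		if _, ok := authorized[fp]; !ok {
			return nil, errors.New("unknown key")
		}
		lastSeen = fp // flawed pattern: state kept outside the connection
		return &Permissions{Extensions: map[string]string{"pubkey-fp": fp}}, nil
	}
	conn, err := handshake(cb, offered, used)
	if err != nil {
		return "", ""
	}
	return authorized[lastSeen], authorized[conn.Extensions["pubkey-fp"]]
}

func main() {
	// Both keys are offered; key-B (index 0) is the one that authenticates.
	c, p := authorize([]string{"SHA256:key-B", "SHA256:key-A"}, 0)
	fmt.Println("cache says:", c, "| connection permissions say:", p)
}
```

In a real server the second value corresponds to reading ServerConn.Permissions after the handshake returns, which is the only per-connection result the note recommends trusting.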
