Researchers find vulnerability in common security protocol


Researchers find vulnerability in common security protocol

Antony Savvas

Business networks are at risk because of vulnerabilities in a widely used security protocol.

Security researchers at the Massachussetts Institute of Technology (MIT) have highlighted the increasing danger of attacks exploiting weaknesses in the SSH (Secure Shell) protocol.

MIT warned that such attacks were likely to increase because of the widespread use of SSH in Unix- and Linux-based networks to secure remote connectivity.

The researchers found that most networks were vulnerable to a weakness involving SSH's known_hosts databases.

These databases are stored on SSH clients and include a list of remote hosts each user has previously contacted using SSH. The information includes hosts' public security keys, used by SSH to create a secure connection.

The problem relates to the fact that when a client is compromised by an attacker, known_hosts databases are easy to use in targeting other hosts. 

More information on the vulnerabilities and patches to help tackle the problem are available at:

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy