Researchers find vulnerability in common security protocol

News

Researchers find vulnerability in common security protocol

Antony Savvas

Business networks are at risk because of vulnerabilities in a widely used security protocol.

Security researchers at the Massachussetts Institute of Technology (MIT) have highlighted the increasing danger of attacks exploiting weaknesses in the SSH (Secure Shell) protocol.

MIT warned that such attacks were likely to increase because of the widespread use of SSH in Unix- and Linux-based networks to secure remote connectivity.

The researchers found that most networks were vulnerable to a weakness involving SSH's known_hosts databases.

These databases are stored on SSH clients and include a list of remote hosts each user has previously contacted using SSH. The information includes hosts' public security keys, used by SSH to create a secure connection.

The problem relates to the fact that when a client is compromised by an attacker, known_hosts databases are easy to use in targeting other hosts. 

More information on the vulnerabilities and patches to help tackle the problem are available at:

http://nms.csail.mit.edu/projects/ssh/


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy