Unconfirmed Host Fingerprint Addition Vulnerability

Unconfirmed Host Fingerprint Addition Vulnerability

CVE-2018-6517 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride.

Learn more about our User Device Pen Test.