CPNI-957037

Matt Johnston matt at ucc.asn.au
Mon Dec 15 22:33:22 WST 2008


On Thu, Dec 11, 2008 at 02:14:13PM -0500, Brian Minton wrote:
> Is dropbear vulnerable to the CBC mode plaintext recovery attack described at
>  http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt

Yes, Dropbear is most likely vulnerable to that attack. The
best workaround (if you're running in the risky situation of
a script that will automatically reconnect) is probably to
use 0.52 which uses Counter Mode by default, which doesn't
have problems. On average an active attacker would have to
disconnect several thousand connections before determining
any cleartext, so the risk of attack for interactive
sessions is low.

Matt
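The workaround above turns on the order of the cipher name-lists, because SSH (RFC 4253 section 7.1) picks the first cipher in the client's list that the server also offers. The following script is an added illustration, not code from this message or from Dropbear: it models that negotiation rule over constructed name-lists (the `SERVER_*` and `CLIENT_*` strings are invented for the example, not copied from any real build) and reports whether the cipher a given client/server pair would settle on is a CBC mode, so an operator can check a pairing before relying on a CTR-by-default server.

```python
"""Audit SSH cipher negotiation for CBC exposure.

Added illustration, not Dropbear's own code. It applies the RFC 4253
section 7.1 rule (the chosen cipher is the first one in the client's
name-list that the server also lists) to constructed name-lists, so a
defender can see which cipher a client/server pairing would negotiate
and whether that cipher is a CBC mode.
"""

from typing import Dict, List, Optional

# Constructed name-lists for illustration only; they are not copied from
# any real Dropbear or OpenSSH build. They model a CBC-only server, a
# CTR-first server, and two client preference orders.
SERVER_CBC_ONLY = "aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,blowfish-cbc"
SERVER_CTR_FIRST = "aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc"
CLIENT_CTR_FIRST = "aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc"
CLIENT_CBC_FIRST = "aes128-cbc,3des-cbc,aes128-ctr"


def parse_name_list(text: str) -> List[str]:
    """Split an SSH name-list (RFC 4251 section 5: comma-separated, no spaces)."""
    return [name for name in text.split(",") if name]


def is_cbc(cipher: str) -> bool:
    """True for the CBC modes named in RFC 4253 section 6.3 (all end in -cbc)."""
    return cipher.endswith("-cbc")


def negotiate(client: List[str], server: List[str]) -> Optional[str]:
    """First client algorithm the server also supports, else None (RFC 4253 7.1)."""
    supported = set(server)
    for cipher in client:
        if cipher in supported:
            return cipher
    return None


def strip_cbc(names: List[str]) -> List[str]:
    """Mitigation helper: the same name-list with every CBC mode removed."""
    return [name for name in names if not is_cbc(name)]


def audit(client_text: str, server_text: str) -> Dict[str, object]:
    """Report what a client/server pair negotiates and whether CBC is involved."""
    client = parse_name_list(client_text)
    server = parse_name_list(server_text)
    chosen = negotiate(client, server)
    return {
        "negotiated": chosen,
        "negotiated_is_cbc": chosen is not None and is_cbc(chosen),
        "server_offers_cbc": any(is_cbc(c) for c in server),
        "server_default": server[0] if server else None,
        # What the same pair would negotiate once the server drops CBC entirely.
        "after_strip": negotiate(client, strip_cbc(server)),
    }


if __name__ == "__main__":
    pairs = [
        (CLIENT_CTR_FIRST, SERVER_CBC_ONLY),   # old server: CBC is all it has
        (CLIENT_CTR_FIRST, SERVER_CTR_FIRST),  # CTR-by-default server, CTR-first client
        (CLIENT_CBC_FIRST, SERVER_CTR_FIRST),  # CTR-by-default server, but client prefers CBC
    ]
    for client, server in pairs:
        print(audit(client, server))
```

The third case is the one worth noticing: a server that lists CTR first still ends up on `aes128-cbc` when the client's own list puts CBC first, so a reconnecting script needs its client-side cipher preference checked as well, not just the server's default. Removing CBC from the server's list (`strip_cbc`) is what actually closes that path, at the cost of refusing clients that offer nothing else.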

