VKontakte.DJ
forum traveling
 

Celestial Software

...better by design

Home Support SSH Client Forums
Welcome, Guest
Please Login or Register.    Lost Password?
New SSH vulnerability: CVE-2023-48795 (2 viewing) (2) Guests
Go to bottom Favoured: 0
TOPIC: New SSH vulnerability: CVE-2023-48795
#9088
New SSH vulnerability: CVE-2023-48795 2 Months ago  
I do not know if Absolute Telnet is impacted by this. I'm just passing the info along as I've been getting news alerts about it.

CVE Record | CVE

NVD - CVE-2023-48795
taa1 (User)
Senior Boarder
Posts: 53
graphgraph
User Offline Click here to see the profile of this user
Logged Logged  
 
The administrator has disabled public write access.  
#9089
Re:New SSH vulnerability: CVE-2023-48795 2 Months ago  
I'm looking into it. This is a fairly recent development.

Best practice recommendation is to disable vulnerable algorithms.... ETM macs (options/properties/connection/ssh2/encryption), cbc mode encryptions (same page) as well as ChaCha20-Poly1305 (but Absolute doesn't even implement that)

To disable an algorithm, select it and re-order it below the 'algorithms below this line are disabled' line.


There will likely be a new version coming out to address this specifically. OpenSSH has introduced a feature called "strict key exchange" which is rapidly becoming the de-facto solution for this.


Stay tuned....

Brian
bpence (Admin)
Admin
Posts: 1404
graph
User Offline Click here to see the profile of this user
Logged Logged  
 
Brian Pence
Celestial Software
SSH , SFTP, and Telnet in a tabbed interface for Windows XP, Vista, Mobile, and others
 
The administrator has disabled public write access.  
#9090
Re:New SSH vulnerability: CVE-2023-48795 3 Weeks, 2 Days ago  
Update have been made that address the Terrapin vulnerability.

See here for details: www.celestialsoftware.net/terrapin

Go here to download Absolute 12.11 or higher:

www.celestialsoftware.net/download-page.html
bpence (Admin)
Admin
Posts: 1404
graph
User Offline Click here to see the profile of this user
Logged Logged  
 
Brian Pence
Celestial Software
SSH , SFTP, and Telnet in a tabbed interface for Windows XP, Vista, Mobile, and others
 
The administrator has disabled public write access.  
Go to top