CVE-2010-4478
CRITICALOpenSSH < 5.6 - Unauthenticated Authentication Bypass via J-PAKE Protocol
Title source: llmDescription
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
References (7)
Core 7
Core References
Patch x_refsource_confirm
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c#rev1.5
Vendor Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12338
Various Sources x_refsource_confirm
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/jpake.c.diff?r1=1.4%3Br2=1.5%3Bf=h
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=659297
Exploit x_refsource_misc
http://seb.dbzteam.org/crypto/jpake-session-key-retrieval.pdf
Scores
CVSS v3
9.8
EPSS
0.0424
EPSS Percentile
89.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-287
Status
published
Products (50)
openbsd/openssh
1.2
openbsd/openssh
1.2.1
openbsd/openssh
1.2.2
openbsd/openssh
1.2.3
openbsd/openssh
1.2.27
openbsd/openssh
1.3
openbsd/openssh
1.5
openbsd/openssh
1.5.7
openbsd/openssh
1.5.8
openbsd/openssh
2.1
... and 40 more
Published
Dec 06, 2010
Tracked Since
Feb 18, 2026