Description
A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to log in to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().
References (3)
Core References
Patch, Third Party Advisory
https://github.com/MisterTea/EternalTerminal/commit/900348bb8bc96e1c7ba4888ac8480f643c43d3c3
Exploit, Third Party Advisory
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-85gw-pchc-4rf3
Mailing List
http://www.openwall.com/lists/oss-security/2023/02/16/1
Scores
CVSS v3
7.5
EPSS
0.0057
EPSS Percentile
68.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-362
Status
published
Products (1)
eternal_terminal_project/eternal_terminal
< 6.2.0
Published
Aug 16, 2022
Tracked Since
Feb 18, 2026