CVE-2023-42829

MEDIUM

macOS 11.0-11.7.8 - Unauthorized SSH Passphrase Exposure via App State Observability

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-42829. PoCs published by JamesD4.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2023-42829, a vulnerability in the macOS `ssh` binary that allows local attackers to access SSH passphrases stored in the Keychain. The writeup includes a vulnerability analysis, patch analysis, and a proof-of-concept demonstrating the exploitability via the `-I` flag.

Description

The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases.

Exploits (1)

nomisec WRITEUP 2 stars
by JamesD4 · poc
https://github.com/JamesD4/CVE-2023-42829

This repository provides a detailed technical analysis of CVE-2023-42829, a vulnerability in the macOS `ssh` binary that allows local attackers to access SSH passphrases stored in the Keychain. The writeup includes a vulnerability analysis, patch analysis, and a proof-of-concept demonstrating the exploitability via the `-I` flag.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: macOS ssh binary (versions prior to macOS Ventura 13.5)
No auth needed
Prerequisites: Local access to a vulnerable macOS system · A malicious dynamic library masquerading as a pkcs11 library
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213843
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213844
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213845

Scores

CVSS v3 5.5
EPSS 0.0037
EPSS Percentile 29.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-200
Status published
Products (1)
apple/macos 11.0 - 11.7.9
Published Jan 10, 2024
Tracked Since Feb 18, 2026