You are here

OpenSSH: Information-leak vulnerability (Triple-Seven)

IDs: 
CVE-2016-0777, CVE-2016-0778
Keywords: 
OpenSSH
Description: 

OpenSSH clients in version 5.4 - 7.1 are affected by an information leakage vulnerability due to a bug in the undocumented roaming feature. A malicious SSH server may be able to extract the client's private key [1].

Airlock WAF is not affected because the installed OpenSSH software version is not vulnerable.

Resolution: 

No action required for Airlock WAF.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required