SECURITYVULNS:DOC:31683
Feb 02, 2015 - 12:00 a.m.

CVE-2014-8779: SSH Host keys on Pexip Infinity

Summary

The operating system used by Pexip Infinity does not create unique SSH
host keys on deployment of new Management and Conferencing Nodes, using
fixed host keys instead. Host keys are used to verify the identity of
the remote host when connecting to it over SSH. These keys are contained
in the publicly available software image.

An attacker with privileged network access may make use of these keys to
spoof the identity of a Pexip Infinity installation or conduct
man-in-the-middle attacks on administrative SSH sessions. This may
permit the attacker access to credentials used to authenticate sessions
over SSH and provide shell access to the affected systems.

This issue is resolved in Pexip Infinity version 8.
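
A defensive check for the condition described above, as an added example that is not part of the advisory or Pexip's code: it groups `ssh-keyscan`-style output (`host keytype base64`) by host key fingerprint and reports any key presented by more than one host. The hostnames and key blobs are constructed, and `parse_scan`, `shared_host_keys` and `sample_key` are hypothetical names.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a raw public key blob."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def parse_scan(text: str):
    """Yield (host, keytype, blob) from `host keytype base64` lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        host, keytype, b64 = fields[:3]
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue  # third field is not base64, so not a key line
        # A key blob starts with a length-prefixed copy of its key type.
        prefix = struct.pack(">I", len(keytype)) + keytype.encode()
        if blob.startswith(prefix):
            yield host, keytype, blob


def shared_host_keys(text: str) -> dict:
    """Map fingerprint -> sorted hosts, for keys seen on more than one host."""
    seen = defaultdict(set)
    for host, _keytype, blob in parse_scan(text):
        seen[fingerprint(blob)].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}


def sample_key(fill: int) -> str:
    """Constructed ssh-ed25519 blob (not a real key) for the sample below."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(blob).decode()


# Constructed scan output: hostnames and keys are made up for illustration.
SAMPLE = "\n".join([
    "# mgmt.example.test:22 SSH-2.0-OpenSSH",
    f"mgmt.example.test ssh-ed25519 {sample_key(1)}",
    f"conf1.example.test ssh-ed25519 {sample_key(1)}",
    f"conf2.example.test ssh-ed25519 {sample_key(2)}",
])
```

Any fingerprint returned by `shared_host_keys` identifies nodes whose host keys should be regenerated, with clients' `known_hosts` entries updated afterwards.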

References

CVE-2014-8779
http://pexip.com/security-bulletins
