
Dropbear < 0.49 Hostkey Host Spoofing Vulnerability

Medium

Synopsis

The remote host is vulnerable to a flaw that would allow remote attackers to spoof trusted hosts.

Description

The remote host is running Dropbear, a small, open-source SSH server. The version of Dropbear installed on the remote host by default has a flaw: the application fails to warn if the hostkey file has changed. An attacker who exploits this flaw could carry out a man-in-the-middle attack against the Dropbear server.
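
The check whose absence is described above, as an added example (not Dropbear's code and not part of the original advisory): a presented host key is compared with the pinned one, and a mismatch is reported as a distinct outcome instead of being silently accepted. The hostnames, key blobs and function names are constructed for illustration.

```python
import base64
import hashlib


def b64(raw):
    return base64.b64encode(raw).decode()


# Constructed sample data: placeholder blobs, not real host keys.
KEY_A = b64(b"constructed-host-key-A")
KEY_B = b64(b"constructed-host-key-B")
KNOWN_HOSTS = ("# constructed known_hosts file\n"
               "gateway.example,192.0.2.10 ssh-rsa " + KEY_A + "\n")


def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text):
    """Map (host, keytype) -> base64 key for plain (unhashed) entries."""
    pinned = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "|", "@")):
            continue  # comments, hashed names and @markers are out of scope
        for host in fields[0].split(","):
            pinned[(host, fields[1])] = fields[2]
    return pinned


def check_host_key(pinned, host, keytype, presented_b64):
    """Return MATCH, UNKNOWN (never seen) or CHANGED (must not connect)."""
    known = pinned.get((host, keytype))
    if known is None:
        return "UNKNOWN"
    if base64.b64decode(known) == base64.b64decode(presented_b64):
        return "MATCH"
    return "CHANGED"


if __name__ == "__main__":
    pinned = parse_known_hosts(KNOWN_HOSTS)
    for host, key in [("gateway.example", KEY_A), ("gateway.example", KEY_B),
                      ("new.example", KEY_B)]:
        verdict = check_host_key(pinned, host, "ssh-rsa", key)
        print(host, fingerprint(key), verdict)
        if verdict == "CHANGED":
            print("  WARNING: host key differs from pinned key, aborting")
```
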

Solution

Upgrade to version 0.49 or higher.