elie/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2024-11-16 13:35:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added 1 new key exchange algorithm: gss-nistp384-sha384-*

Browse Source
This commit is contained in:
Joe Testa 2024-03-14 16:01:48 -04:00
parent a4f508374a
commit 064b55e0c2
2 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -188,6 +188,7 @@ For convenience, a web front-end on top of the command-line tool is available at
- Gracefully handle rare exceptions (i.e.: crashes) while performing GEX tests.
- Added built-in policy for OpenSSH 9.7.
- Changed Docker base image from `python:3-slim` to `python:3-alpine`, resulting in a 59% reduction in image size; credit [Daniel Thamdrup](https://github.com/dallemon).
- Added 1 new key exchange algorithm: `gss-nistp384-sha384-*`.
### v3.1.0 (2023-12-20)
- Added test for the Terrapin message prefix truncation vulnerability ([CVE-2023-48795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795)).

1
src/ssh_audit/ssh2_kexdb.py
View File

@ -176,6 +176,7 @@ class SSH2_KexDB: # pylint: disable=too-few-public-methods
'gss-group1-sha1-*': [[], [FAIL_1024BIT_MODULUS, FAIL_LOGJAM_ATTACK, FAIL_SHA1]],
'gss-nistp256-sha256-*': [[], [FAIL_NSA_BACKDOORED_CURVE]],
'gss-nistp384-sha256-*': [[], [FAIL_NSA_BACKDOORED_CURVE]],
'gss-nistp384-sha384-*': [[], [FAIL_NSA_BACKDOORED_CURVE]],
'gss-nistp521-sha512-*': [[], [FAIL_NSA_BACKDOORED_CURVE]],
'kexAlgoCurve25519SHA256': [[]],
'kexAlgoDH14SHA1': [[], [FAIL_SHA1], [WARN_2048BIT_MODULUS]],