Closed BareqAZ closed 7 months ago
Since a much more thorough test for this vulnerability was implemented in https://github.com/jtesta/ssh-audit/commit/8190fe59d07224ae1a6109098255b3c043f74bda, I'm closing this PR. Nevertheless, thank you @BareqAZ for putting in the effort! It is still very much appreciated!
Added a check for the DHEater vulnerability mentioned here: https://github.com/jtesta/ssh-audit/issues/211, and updated the tests. Two things to note: Considering this issue is in the algorithm, not the server, the vulnerability was documented in the algorithm itself rather than the CVEs section.
And I did have to edit the following docker test to expect a failure instead of a success:
749: run_openssh_test "8.0p1" "test3" "${PROGRAM_RETVAL_FAILURE}"
I'm not sure if it's fine this way or if you would want to update the docker OpenSSH config instead. Either way, I thought I'd mention these here to be sure.