What is CVE-2023-43660?

CVE-2023-43660 is a vulnerability in Warpgate, a smart SSH, HTTPS, and MySQL bastion host for Linux.

What is the severity of CVE-2023-43660?

CVE-2023-43660 has a severity rating of 8.1, which is considered high.

How does CVE-2023-43660 affect the Warpgate software?

CVE-2023-43660 allows an attacker to bypass SSH key verification in Warpgate, potentially leading to unauthorized access.

How can I fix CVE-2023-43660?

To fix CVE-2023-43660, it is recommended to update to a version of Warpgate that is not affected by the vulnerability.

Vulnerability/
CVE-2023-43660

high

8.1

CWE

347 287

27/9/2023

20/9/2024

CVE-2023-43660: SSH key password bypassed in warpgate

Q: Where can I find more information about CVE-2023-43660?

More information about CVE-2023-43660 can be found in the references provided: [link1](https://github.com/warp-tech/warpgate/commit/a4df7f7a21395cfaee7a9789d1e3846290caeb63) and [link2](https://github.com/warp-tech/warpgate/security/advisories/GHSA-3cjp-w4cp-m9c8).

First published: Wed Sep 27 2023(Updated: )

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the username and a valid target name 2. The attacked knows the user's public key and 3. Only SSH public key authentication is required for the user account. This issue has been addressed in version 0.8.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Warpgate	<0.8.1

Remedy

https://github.com/warp-tech/warpgate/commit/a4df7f7a21395cfaee7a9789d1e3846290caeb63

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-43660?
CVE-2023-43660 is a vulnerability in Warpgate, a smart SSH, HTTPS, and MySQL bastion host for Linux.
What is the severity of CVE-2023-43660?
CVE-2023-43660 has a severity rating of 8.1, which is considered high.
How does CVE-2023-43660 affect the Warpgate software?
CVE-2023-43660 allows an attacker to bypass SSH key verification in Warpgate, potentially leading to unauthorized access.
How can I fix CVE-2023-43660?
To fix CVE-2023-43660, it is recommended to update to a version of Warpgate that is not affected by the vulnerability.
Where can I find more information about CVE-2023-43660?
More information about CVE-2023-43660 can be found in the references provided: [link1](https://github.com/warp-tech/warpgate/commit/a4df7f7a21395cfaee7a9789d1e3846290caeb63) and [link2](https://github.com/warp-tech/warpgate/security/advisories/GHSA-3cjp-w4cp-m9c8).

agent/weakness
agent/references
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/last-modified-date
agent/title
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
vendor/warpgate project
canonical/warpgate

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.