REDHAT-BUG-2344780
First published: Mon Feb 10 2025(Updated: )
The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenSSH |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2344780?
The severity of REDHAT-BUG-2344780 is classified as high due to its potential for an active machine-in-the-middle attack.
How does REDHAT-BUG-2344780 affect OpenSSH clients?
REDHAT-BUG-2344780 affects OpenSSH clients by allowing an active machine-in-the-middle to impersonate the server when the VerifyHostKeyDNS option is enabled.
How do I fix REDHAT-BUG-2344780?
To fix REDHAT-BUG-2344780, disable the VerifyHostKeyDNS option in the OpenSSH client configuration if it is enabled.
Which versions of OpenSSH are affected by REDHAT-BUG-2344780?
All versions of the OpenSSH client that have the VerifyHostKeyDNS option enabled are vulnerable to REDHAT-BUG-2344780.
Is the VerifyHostKeyDNS option enabled by default in OpenSSH clients?
No, the VerifyHostKeyDNS option is disabled by default in OpenSSH clients.
- agent/last-modified-date
- agent/references
- agent/severity
- agent/source
- agent/description
- agent/type
- agent/first-publish-date
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2025-26465
- vendor/openssh
- canonical/openssh