Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-43660

Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the username and a valid target name 2. The attacked knows the user's public key and 3. Only SSH public key authentication is required for the user account. This issue has been addressed in version 0.8.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Published

2023-09-27T22:15:10.730

Last Modified

2024-11-21T08:24:34.007

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-287
Type: Primary
CWE-347

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	warpgate_project	warpgate	< 0.8.1	Yes

References

https://github.com/warp-tech/warpgate/commit/a4df7f7a21395cfaee7a9789d1e3846290caeb63 Patch ([email protected])
https://github.com/warp-tech/warpgate/security/advisories/GHSA-3cjp-w4cp-m9c8 Vendor Advisory ([email protected])
https://github.com/warp-tech/warpgate/commit/a4df7f7a21395cfaee7a9789d1e3846290caeb63 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/warp-tech/warpgate/security/advisories/GHSA-3cjp-w4cp-m9c8 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)