Golang Go SSH Library CVE-2017-3204 Security Bypass Vulnerability

Golang Go SSH Library is prone to a security-bypass vulnerability.

Successfully exploiting this issue allows an attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

Information

Bugtraq ID: 97481
Class: Unknown
CVE: CVE-2017-3204

Remote: Yes
Local: No
Published: Apr 04 2017 12:00AM
Credit: Phil Pennock
Vulnerable: golang Go 0

Not Vulnerable:

References:

• 38701 (Merged as e4e2799 ): ssh: require host key checking in the ClientConfig (GoogleSource)
  
• Golang Homepage (Golang)
  
• x/crypto/ssh: make ClientConfig HostKeyCallback non-permissive by default #1976 (Github)
  

Source: www.securityfocus.com