Hardcoded banner allows an attacker to quickly identify vulnerable machines

Open user8446 opened this issue 1 year ago • 0 comments

Prerequisites

  • [X] Write a descriptive title.
  • [X] Make sure you are able to repro it on the latest version
  • [X] Search the existing issues.

Steps to reproduce

This is a duplicate of https://github.com/PowerShell/Win32-OpenSSH/issues/2021

Win32-OpenSSH publicly displays a banner revealing the OS and the OpenSSH version number. Although this is not a security vulnerability by itself, it will easily give an attacker known vulnerabilities on the system if a version is not the latest.

`banner none` is ignored in the config.

Expected behavior

No banner shown if `banner none` is in the config

Actual behavior

Displayed banner:

`SSH-2.0-OpenSSH_for_Windows_9.2`

Error details

No response

Environment data

```
Name                           Value
----                           -----
PSVersion                      7.3.4
PSEdition                      Core
GitCommitId                    7.3.4
OS                             Microsoft Windows 10.0.19045
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
```

Version

9.2

Visuals

Screenshot 2023-04-13 215643

user8446, Apr 14 '23 01:04
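
Added example, not part of the issue or of the Win32-OpenSSH code: the string quoted above is the SSH identification string that RFC 4253 section 4.2 has every server send before key exchange, which is separate from the pre-authentication message that `Banner` in sshd_config controls. The Python below parses such strings from hosts you administer and lists those advertising an OpenSSH version under a baseline you choose; the host names, the second sample string and the `(9, 5)` baseline are constructed placeholders.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# softwareversion is printable US-ASCII without whitespace or '-'.
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[0-9.]+)-(?P<software>[\x21-\x2c\x2e-\x7e]+)"
    r"(?: (?P<comments>.*))?$"
)

def parse_identification(raw: bytes) -> dict:
    """Parse the first SSH identification line found in raw bytes."""
    for line in raw.split(b"\n"):
        line = line.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue  # a server may send other lines before its version string
        if len(line) + 2 > 255:  # the limit includes the trailing CR LF
            raise ValueError("identification string longer than 255 bytes")
        match = IDENT_RE.match(line.decode("ascii"))
        if match is None:
            raise ValueError("malformed identification string")
        return match.groupdict()
    raise ValueError("no identification string found")

def openssh_version(software: str):
    """Return (major, minor) for an OpenSSH software field, else None."""
    match = re.search(r"^OpenSSH\S*?_(\d+)\.(\d+)", software)
    return (int(match[1]), int(match[2])) if match else None

def read_identification(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Read the first bytes sshd sends on a host you administer."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        return conn.recv(255)

def below_baseline(readings: dict, baseline: tuple) -> list:
    """List hosts whose advertised OpenSSH version is lower than baseline."""
    flagged = []
    for host, raw in sorted(readings.items()):
        version = openssh_version(parse_identification(raw)["software"])
        if version is not None and version < baseline:
            flagged.append(host)
    return flagged

# Constructed sample input: the first string is the one quoted in the issue,
# the second is made up; host names and the baseline are placeholders.
SAMPLE = {
    "host-a": b"SSH-2.0-OpenSSH_for_Windows_9.2\r\n",
    "host-b": b"SSH-2.0-OpenSSH_9.6 constructed-comment\r\n",
}
if __name__ == "__main__":
    print(below_baseline(SAMPLE, baseline=(9, 5)))
```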