Filippo Valsorda :go: on Nostr: 🚨 x/crypto/ssh: misuse of ServerConfig.PublicKeyCallback may cause authorization ...
🚨 x/crypto/ssh: misuse of ServerConfig.PublicKeyCallback may cause authorization bypass
Common API misuse allows attacker to log in with one key, but appear to have logged in with another. Potentially affects services that look up users by key.
Partially mitigated in golang.org/x/crypto@v0.31.0.
https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q
Common API misuse allows attacker to log in with one key, but appear to have logged in with another. Potentially affects services that look up users by key.
Partially mitigated in golang.org/x/crypto@v0.31.0.
https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q