Smart SSH, HTTPS and MySQL bastion that requires no additional client-side software
A flaw in the SSH protocol itself allows an active MitM attacker to prevent the client & server from negotiating OpenSSH security extensions, or, with AsyncSSH, take control of the user's session.
This release adds support for the kex-strict-*-v00@openssh.com extensions designed by OpenSSH specifically to prevent this attack.
More info: https://terrapin-attack.com
:warning: Update ASAP.
This vulnerability allows a user to escalate their privileges if the admin account isn't protected by 2FA.
X-Forwarded-* headers, set http.trust_x_forwarded_for to true in the config file.
The SSH key verification for a user could be bypassed by sending an SSH key offer without a signature. This allowed bypassing authentication completely under the following conditions:
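The server-side rule relevant to the bypass described above, as an added example (not Warpgate's code): in RFC 4252 publickey authentication a request without a signature only asks whether the key would be acceptable, so the server may answer SSH_MSG_USERAUTH_PK_OK but must not count it as a login. The callbacks `key_ok` and `sig_ok` and all type and function names are assumptions of this example.

```rust
// Added example, not Warpgate's code. `key_ok` and `sig_ok` are hypothetical
// callbacks for the authorized-key lookup and the RFC 4252 signature check.
#[derive(Debug, PartialEq)]
pub enum Decision {
    PkOk,    // key acceptable: send SSH_MSG_USERAUTH_PK_OK, still unauthenticated
    Success, // signature verified: the only outcome that authenticates
    Failure,
}

struct PkRequest<'a> { user: &'a [u8], key: &'a [u8], signature: Option<&'a [u8]> }

// Read one SSH `string` (u32 big-endian length, then bytes), advancing `buf`.
fn take_string<'a>(buf: &mut &'a [u8]) -> Option<&'a [u8]> {
    let data: &'a [u8] = *buf;
    if data.len() < 4 { return None; }
    let len = u32::from_be_bytes([data[0], data[1], data[2], data[3]]) as usize;
    let body = data[4..].get(..len)?;
    *buf = &data[4 + len..];
    Some(body)
}

// Field order (RFC 4252, section 7): user, service, method, flag, algorithm, key, [signature].
fn parse<'a>(mut buf: &'a [u8]) -> Option<PkRequest<'a>> {
    if *buf.first()? != 50 { return None; } // SSH_MSG_USERAUTH_REQUEST
    buf = &buf[1..];
    let user = take_string(&mut buf)?;
    let _service = take_string(&mut buf)?;
    if take_string(&mut buf)? != b"publickey" { return None; }
    let has_signature = *buf.first()? != 0;
    buf = &buf[1..];
    let _algorithm = take_string(&mut buf)?;
    let key = take_string(&mut buf)?;
    let signature = if has_signature { Some(take_string(&mut buf)?) } else { None };
    Some(PkRequest { user, key, signature })
}

pub fn decide(
    payload: &[u8],
    key_ok: impl Fn(&[u8], &[u8]) -> bool, // (user, key blob)
    sig_ok: impl Fn(&[u8], &[u8]) -> bool, // (key blob, signature)
) -> Decision {
    let req = match parse(payload) { Some(r) => r, None => return Decision::Failure };
    if !key_ok(req.user, req.key) { return Decision::Failure; }
    match req.signature {
        None => Decision::PkOk, // a query is never a login
        Some(sig) if sig_ok(req.key, sig) => Decision::Success,
        Some(_) => Decision::Failure,
    }
}
```

A real `sig_ok` verifies the signature over the session identifier and the request fields, as RFC 4252 specifies; here it is reduced to a callback so the decision logic stands on its own.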
Insufficient authentication checks for SSO users allowed any SSO user to elevate their permissions to those of any other SSO user. All configurations using SSO are affected.
warpgate setup
A malicious client or target could negotiate insecure Diffie-Hellman key exchange parameters in a way that leads to an insecure shared secret and breaks confidentiality of traffic (for their own connection only).
Minimum required glibc version on Linux is now 2.18
ssh-rsa hostkey in addition to rsa-sha* - fixes Termius support on iOS
warpgate unattended-setup) - fixes #409
warpgate recover-access) - fixes #410
database_url config option) - fixed #452
scp freezing up - #479 (Eugene Pankov)