Archived Forum Post

Index of archived forum posts

Question:

OpenSSH Vulnerability?

Jan 20 '16 at 09:00

I just read this: http://securityaffairs.co/wordpress/43669/hacking/openssh-bug-leaks-private-keys.html

Chilkat would not be vulnerable to this flaw would it ?

(Havent come across a "roaming" feature in the documentation, but on the other hand I havent exactly been looking for it either.)

---

Answer

Chilkat's not vulnerable for two reasons:

1) Chilkat does not use OpenSSH, nor was Chilkat's SSH implementation developed using OpenSSH as a reference. The Chilkat SSH implementation was developed straight from the RFC specifications.

2) The vulnerability had to do with OpenSSH using experimental features to resume SSH sessions. Chilkat has never implemented this feature.