ssh-weak-public-key: SSH Host Keys < 2048 Bits Considered Weak

Date: 2025-08-01 | Affected software: ssh | PoC: public

Vulnerability description

SSH host keys shorter than 2048 bits are considered weak and leave the server more exposed to attack. Using adequately long host keys is essential to protecting the integrity of encrypted communication and to preventing exploitation.

PoC code [public]

id: ssh-weak-public-key

info:
  name: SSH Host Keys < 2048 Bits Considered Weak
  author: pussycat0x
  severity: low
  description: |
    SSH host keys with a bit length below 2048 are deemed weak, posing an increased vulnerability to security threats. Employing robust key lengths is crucial for fortifying the integrity of encrypted communication and thwarting potential exploits.
  reference:
    - https://www.tenable.com/plugins/nessus/153954
  metadata:
    verified: true
    max-request: 2
    shodan-query: product:"OpenSSH"
  tags: enum,js,ssh,misconfig,network,vuln

variables:
  ecdsa_bit: '256' # ECDSA threshold, compared with ecdsa_public_key.length
  rsa_bit: '2048' # 2048 bits

javascript:
  - pre-condition: |
      isPortOpen(Host,Port);
    code: |
      let m = require("nuclei/ssh");
      let c = m.SSHClient();
      let response = c.ConnectSSHInfoMode(Host, Port);
      Export(response);
    args:
      Host: "{{Host}}"
      Port: "22"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "server_host_key"

      - type: dsl
        dsl:
          - 'len(ecdsa_keylen) != 0 && ecdsa_keylen < ecdsa_bit'
          - 'len(rsa_keylen) != 0 && rsa_keylen < rsa_bit'

    extractors:
      - type: json
        internal: true
        name: ecdsa_keylen
        json:
          - '.DHKeyExchange.server_host_key.ecdsa_public_key.length'

      - type: json
        internal: true
        name: rsa_keylen
        json:
          - '.DHKeyExchange.server_host_key.rsa_public_key.length'
# digest: 4a0a004730450221008ff1bb894bc762d64e4aba254a8e8005be02d108f362f64dda4ecaa946c6c6c802202cb8c57742001babf73e15f6d84bc426ff1eb38db86fe85662d8453dd684ff42:922c64590222798bb761d5b6d8e72950
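
A local counterpart to the remote check above, as an added example that is not part of the original template or the nuclei project: it parses an OpenSSH public-key line (such as the contents of an ssh_host_rsa_key.pub file), reads the RSA modulus from the wire-format blob and applies the template's 2048-bit threshold. The function names and the generated sample key are constructed for illustration, and only RSA keys are evaluated.

```javascript
// Threshold copied from the template's rsa_bit variable.
const RSA_MIN_BITS = 2048;

// Read one SSH wire-format string: uint32 big-endian length, then the bytes.
function readString(buf, off) {
  if (off + 4 > buf.length) throw new Error("truncated length field");
  const end = off + 4 + buf.readUInt32BE(off);
  if (end > buf.length) throw new Error("truncated field body");
  return { value: buf.subarray(off + 4, end), next: end };
}

// Bit length of a big-endian mpint, ignoring any leading 0x00 sign byte.
function mpintBits(bytes) {
  let i = 0;
  while (i < bytes.length && bytes[i] === 0) i++;
  if (i === bytes.length) return 0;
  return (bytes.length - i - 1) * 8 + (32 - Math.clz32(bytes[i]));
}

// Evaluate one "type base64 [comment]" public-key line.
function hostKeyInfo(line) {
  const [declared, b64 = ""] = line.trim().split(/\s+/);
  const blob = Buffer.from(b64, "base64");
  const t = readString(blob, 0);
  const type = t.value.toString("ascii");
  if (type !== declared) throw new Error("key type does not match blob");
  if (type !== "ssh-rsa") return { type, bits: null, weak: false }; // not evaluated here
  const e = readString(blob, t.next); // public exponent, skipped
  const bits = mpintBits(readString(blob, e.next).value); // modulus
  return { type, bits, weak: bits < RSA_MIN_BITS };
}

// Constructed sample line (not a real key): e = 65537, n = 2^(bits-1) + 1.
function sampleRsaLine(bits) {
  const str = (b) => {
    const len = Buffer.alloc(4);
    len.writeUInt32BE(b.length);
    return Buffer.concat([len, b]);
  };
  const n = Buffer.alloc(bits / 8 + 1); // byte 0 is the sign byte
  n[1] = 0x80;
  n[n.length - 1] |= 0x01;
  const blob = Buffer.concat([str(Buffer.from("ssh-rsa")), str(Buffer.from([1, 0, 1])), str(n)]);
  return `ssh-rsa ${blob.toString("base64")} constructed-sample`;
}

console.log([1024, 2048].map((b) => hostKeyInfo(sampleRsaLine(b))));
```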
