KB-43886: Is the Centrify SSH client affected by OpenSSH vulnerability in CVE-2020-15778

Authentication Service

17 November 2020 at 05:53 PM

Is the SSH client bundled with Centrify-enabled OpenSSH affected by vulnerability CVE-2020-15778 and if so how is it being addressed?

Yes. A security vulnerability exists in the OpenSSH versions currently used in the Centrify OpenSSH package. The National Institute of Standards and Technology (NIST) has given this vulnerability a base score of 7.8 (High).

Updated November 17, 2020.

Centrify initially planned to include a patched version of OpenSSH in the Centrify OpenSSH package in our upcoming maintenance release, version 2020.1 / 5.7.1, currently targeted for mid-December 2020. OpenSSH has now commented that they do not intend to fix this issue, see:

Red Hat has indicated that they will not fix this issue either, see:

This will delay us from making a release that addresses this issue. We are considering our alternatives and we need more time, given there is no readily available "fix" from OpenSSH. Until then, the current Centrify OpenSSH package (5.7.0) may be used with caution or, in the interim, rsync may be used as an alternative.

For further reference:
(All external links are provided as a courtesy)
