6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-29245

GHSA ID

GHSA-72p8-v4hg-v45p

EPSS Score

0.61429%

CWE

CWE-330

Published

6/1/2022

Updated

1/27/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-29245

CVE-2022-29245: Weak private key generation in SSH.NET

During an X25519 key exchange, the client’s private is generated with System.Random:

var rnd = new Random();
_privateKey = new byte[MontgomeryCurve25519.PrivateKeySizeInBytes];
rnd.NextBytes(_privateKey);

Source: KeyExchangeECCurve25519.cs
Source commit: https://github.com/sshnet/SSH.NET/commit/b58a11c0da55da1f5bad46faad2e9b71b7cb35b3

System.Random is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes.

Impact

When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be bruteforced. This allows an attacker able to eavesdrop the communications to decrypt them.

Workarounds

To ensure you're not affected by this vulnerability, you can disable support for curve25519-sha256 and curve25519-sha256@libssh.org key exchange algorithms by invoking the following method before a connection is established:

private static void RemoveUnsecureKEX(BaseClient client)
{
    client.ConnectionInfo.KeyExchangeAlgorithms.Remove("curve25519-sha256");
    client.ConnectionInfo.KeyExchangeAlgorithms.Remove("curve25519-sha256@libssh.org");
}

Thanks

This issue was initially reported by Siemens AG, Digital Industries, shortly followed by @yaumn-synacktiv.

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-29245

GHSA ID

GHSA-72p8-v4hg-v45p

EPSS Score

0.61429%

CWE

CWE-330

Published

6/1/2022

Updated

1/27/2023

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
SSH.NET	nuget	< 2020.0.2	2020.0.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the use of System.Random in the key generation process. The code snippet explicitly shows _privateKey being populated via rnd.NextBytes(), where rnd is a System.Random instance. Cryptographic protocols require cryptographically secure PRNGs (like RNGCryptoServiceProvider) to prevent predictability. The fix in commit 03c6d60 replaces this with CryptoAbstraction.GenerateRandom, confirming the original implementation was insecure. The Start method is directly responsible for initializing the key exchange, making it the clear vulnerable entry point.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*urin* *n **X******* k*y *x***n**, t** *li*nt’s priv*t* is **n*r*t** wit* [**Syst*m.R*n*om**](*ttps://*o*s.mi*roso*t.*om/*n-us/*otn*t/*pi/syst*m.r*n*om): ```*s v*r rn* = n*w R*n*om(); _priv*t*K*y = n*w *yt*[Mont*om*ry*urv******.Priv*t*K*ySiz*In*yt*s

Reasoning

T** vuln*r**ility st*ms *rom t** us* o* `Syst*m.R*n*om` in t** k*y **n*r*tion pro**ss. T** *o** snipp*t *xpli*itly s*ows `_priv*t*K*y` **in* popul*t** vi* `rn*.N*xt*yt*s()`, w**r* `rn*` is * `Syst*m.R*n*om` inst*n**. *rypto*r*p*i* proto*ols r*quir* *

6.5

Basic Information

Concerned about an active attack path?

CVE-2022-29245: Weak private key generation in SSH.NET

Impact

Workarounds

Thanks

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI