https://db.gcve.eu/sightings/feed 2026-05-18T17:09:39.508813+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent sightings. https://db.gcve.eu/sighting/06561192-7b00-43f1-9fb2-291d8aa8a3ec/export 2026-05-18T17:09:39.884479+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "06561192-7b00-43f1-9fb2-291d8aa8a3ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-29245", "type": "seen", "source": "https://t.me/cibsecurity/43573", "content": "\u203c CVE-2022-29245 \u203c\n\nSSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an `X25519` key exchange, the client\u00c3\u00a2\u00e2\u201a\u00ac\u00e2\u201e\u00a2s private key is generated with `System.Random`. `System.Random` is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes. When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be brute forced. This allows an attacker who is able to eavesdrop on the communications to decrypt them. Version 2020.0.2 contains a patch for this issue. As a workaround, one may disable support for `curve25519-sha256` and `curve25519-sha256@libssh.org` key exchange algorithms.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-31T20:23:51.000000Z"} 2022-05-31T20:23:51+00:00