• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

AttachmateWRQ Reflection for Secure IT Windows Server Insecure Private Key Permissions Vulnerability

AttachmateWRQ Reflection for Secure IT Windows Server is susceptible to an insecure private key permissions vulnerability. This issue is due to a failure of the application to ensure secure permissions are placed on security-sensitive files.

This issue allows local users to gain access to the contents of private SSH host keys files. This allows attackers to create rouge SSH servers that seem to clients to be identical to the originating server. Man in the middle attacks, gaining access to the contents of encrypted communications, and other attacks are likely possible.

All versions of F-Secure SSH Server for Windows, and AttachmateWRQ Reflection for Secure IT Windows Server version 6.0 are vulnerable to this issue.