CVE-2017-3204 is a vulnerability in GoLang Crypto
Published on April 4, 2017
The Go SSH library (x/crypto/ssh) does not verify host keys by default, which facilitates man-in-the-middle attacks. The default behavior was changed in commit e4e2799 to require explicitly registering a host key verification mechanism.
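The following is an added example, not code from x/crypto/ssh or from this page: a fail-closed host key pinning check of the kind a client would register as its verification mechanism. It uses only the standard library and takes the server key as a wire-format blob (what `ssh.PublicKey.Marshal()` returns), so in a real client it would be called from the function assigned to `ClientConfig.HostKeyCallback`. The names `pinnedHosts`, `fingerprint` and `verify`, the host names and the key bytes are assumptions made for the illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
)

// pinnedHosts maps "host:port" to the expected SHA256 fingerprint of the
// server's public key blob (hypothetical type for this example).
type pinnedHosts map[string]string

var (
	errUnknownHost = errors.New("host key check: no pinned key for host")
	errKeyMismatch = errors.New("host key check: presented key does not match pin")
)

// fingerprint returns the OpenSSH-style "SHA256:<unpadded base64>" form of a
// wire-format public key blob.
func fingerprint(keyBlob []byte) string {
	sum := sha256.Sum256(keyBlob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// verify fails closed: an unknown host and a mismatched key are both errors,
// so a connection is never accepted without a matching pin.
func (p pinnedHosts) verify(hostport string, keyBlob []byte) error {
	want, ok := p[hostport]
	if !ok {
		return errUnknownHost
	}
	got := fingerprint(keyBlob)
	if subtle.ConstantTimeCompare([]byte(got), []byte(want)) != 1 {
		return errKeyMismatch
	}
	return nil
}

func main() {
	// Constructed sample data: not a real SSH key or host.
	good := []byte("constructed-server-key-blob")
	pins := pinnedHosts{"git.example.test:22": fingerprint(good)}

	fmt.Println(pins.verify("git.example.test:22", good))                      // pinned key
	fmt.Println(pins.verify("git.example.test:22", []byte("substituted-key"))) // key swapped in transit
	fmt.Println(pins.verify("other.example.test:22", good))                    // host with no pin
}
```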
Weakness Type
Cryptographic Issues
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality of data if they are not addressed.
Products Associated with CVE-2017-3204
Affected Versions
Go SSH library versions prior to commit e4e2799 are affected by CVE-2017-3204
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.