CVE-2021-36368
3.7 LOW
An issue was discovered in OpenSSH before 8.9
Published: 2022-03-13 · Last updated: 2026-05-29
Severity and scoring
- CVSS
- 3.7 LOW
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
- CWE
- CWE-287
Affected products
| Vendor | Product |
|---|---|
| debian | debian_linux |
| openbsd | openssh |
Description
An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed."
Source: NVD
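The description turns on one detail: at the default log level the ssh client never tells the user which authentication method the server actually accepted, so a server that accepts "none" looks exactly like one that verified a signature. The following POSIX shell helper is an added example, not code from the CVE entry or from the OpenSSH project. It assumes that ssh(1) run with -oLogLevel=verbose reports the accepted method on a line of the form `Authenticated to HOST ([ADDR]:PORT) using "METHOD".`, and that the `-E` option writes that log to a file. The sample log text embedded below is constructed for the example, not a real capture.

```shell
#!/bin/sh
# Added example (not from the CVE page or the OpenSSH project): make the
# authentication method the server accepted visible, and flag "none".
#
# Assumption: ssh(1) with -oLogLevel=verbose prints a line such as
#   Authenticated to HOST ([ADDR]:PORT) using "METHOD".
# The sample log lines at the bottom are constructed, not captured.

# Read verbose ssh client output on stdin and print the accepted method.
# Prints nothing if no "Authenticated to ..." line is present.
ssh_auth_method() {
    sed -n 's/^Authenticated to .* using "\([^"]*\)"\.$/\1/p' | head -n 1
}

# Read verbose ssh client output on stdin.
# Returns 0 for a normal method, 1 if the server accepted the session
# without a signature ("none"), 2 if the method line could not be found.
check_trivial_auth() {
    method=$(ssh_auth_method)
    case "$method" in
        "")   return 2 ;;
        none) return 1 ;;
        *)    return 0 ;;
    esac
}

# Wrapper for scripted use: run ssh with verbose logging written to
# $1 via -E, then warn if the server never required a signature.
# Usage: ssh_checked /tmp/ssh.log user@bastion.example.net
ssh_checked() {
    logfile=$1; shift
    ssh -o LogLevel=verbose -E "$logfile" "$@"
    rc=$?
    check_trivial_auth < "$logfile"
    case $? in
        1) echo "WARNING: server accepted the session without a signature (method \"none\")" >&2 ;;
        2) echo "WARNING: accepted authentication method not found in $logfile" >&2 ;;
    esac
    return $rc
}

# Constructed sample captures of ssh -o LogLevel=verbose output.
LOG_OK='debug1: Authentication succeeded (publickey).
Authenticated to bastion.example.net ([192.0.2.10]:22) using "publickey".'

LOG_TRIVIAL='debug1: Authentication succeeded (none).
Authenticated to bastion.example.net ([192.0.2.10]:22) using "none".'
```

The wrapper does not touch agent forwarding: ForwardAgent is off by default in ssh_config, and the scenario in the description only arises when it has been turned on. For interactive sessions the simpler habit is the one the description names, `-oLogLevel=verbose` (or `LogLevel VERBOSE` in ~/.ssh/config), so the `Authenticated to ... using "..."` line is printed before any FIDO touch prompt appears.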
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-36368
- [Other]https://bugzilla.mindrot.org/show_bug.cgi?id=3316
- [Other]https://docs.ssh-mitm.at/trivialauth.html
- [Patch]https://github.com/openssh/openssh-portable/pull/258
- [Other]https://security-tracker.debian.org/tracker/CVE-2021-36368
- [Vendor advisory]https://www.openssh.com/security.html
Related CVEs
Same vendor
- CVE-2026-49975 — Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)
- CVE-2026-31431 — In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly r... (7.8 HIGH)
- CVE-2026-4775 — A flaw was found in the libtiff library (7.8 HIGH)
- CVE-2026-3497 — Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions (7.5 HIGH)
- CVE-2026-2219 — It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the dat... (7.5 HIGH)
Same CWE
- CVE-2026-47166 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.7 MEDIUM)
- CVE-2026-46705 — Russh is a Rust SSH client & server library (5.3 MEDIUM)
- CVE-2022-48575 — A person with access to a Mac may be able to bypass Login Window (3.5 LOW)
- CVE-2026-45567 — Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers (8.3 HIGH)
- CVE-2026-47838 — SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wr... (6.8 MEDIUM)