[//]: # (werk v2)
# Persist known host keys for checks that use SSH
key | value
---------- | ---
date | 2024-08-26T08:56:04+00:00
version | 2.4.0b1
class | security
edition | cre
component | checks
level | 1
compatible | yes
When using the special agent *VNX quotas and filesystems* or the active check *Check SFTP
Service* the host keys were not properly checked.
If an attacker would get into a machine-in-the-middle position he could intercept the
connection and retrieve information e.g. passwords.
As of this Werk the host key check is properly done.
In order to store known host keys a regular `known_hosts` file is used that is stored in
`/omd/sites/$SITENAME/.ssh/known_hosts`.
If a host key changes an error is now raised that requires manual edit of this file.
This issue was found during internal review.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 6.3 Medium
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N and assigned
CVE-2024-6572.
Show replies by date