Giter Club home page Giter Club logo

Comments (2)

ann4belle avatar ann4belle commented on June 19, 2024 2

[...] As far as I can tell based on the information that has been released this means that using KiTTY without a mitigation patch will allow for this attack even if the SSH server has been patched.

This is somewhat true - one way to partially mitigate this is to go into Connection > SSH > Cipher and move "ChaCha20 (SSH-2 only)" below "-- warn below here --" (be sure to save this in the Default Settings and any other saved sessions). This prevents the use of one of the vulnerable ciphers without warning. As a limitation inherited from PuTTY, the other vulnerable cipher is bundled with other non-vulnerable ones under "AES (SSH-2 only)", and KiTTY can't be configured to warn before using it without also warning before using non-vulnerable ciphers.

Even if you do move both below the warning threshold, running the Terrapin scanner will still produce a positive, as the vulnerable ciphers are still enabled and strict key exchange is unsupported.

Judging by the fact that KiTTY is advertised as "a fork from version 0.76 of PuTTY", and doesn't appear to have incorporated upstream commits since that version (seeing as PuTTY has released 0.77, 0.78, 0.79, and now 0.80), I'm starting to consider moving back to PuTTY myself.

from kitty.

BurtGummer avatar BurtGummer commented on June 19, 2024

I hope I don't have to go back to putty, but security is more important than usability

from kitty.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.