Addressing the Passive SSH Key Compromise: Security Update for Maverick Servers

Introduction

In the dynamic landscape of cybersecurity, vigilance is critical. A recent study has highlighted a vulnerability known as “Passive SSH Key Compromise,” which poses risks to SSH connections through certain RSA key signature generation flaws. At Jadaptive, we prioritize your security and have conducted a comprehensive analysis of our products in light of this discovery.

Understanding the Vulnerability

This vulnerability allows an attacker to access SSH connections by exploiting RSA key signature generation computational errors. These errors can lead to the unauthorized calculation of an SSH server’s private host key, essential for secure communications. This issue is particularly relevant for devices and servers using specific RSA keys and is not associated with OpenSSL or LibreSSL libraries.

Our Response and Mitigation Strategy

Our Maverick Legacy Server and Maverick Synergy Server products utilize Java Cryptography Extensions (JCE) for signature generation. Due to the diversity of JCE providers and the potential risks posed by this vulnerability, we’ve taken proactive measures to enhance the security of our servers.

We are pleased to announce the release of updated versions of our products: Maverick Legacy Server 1.7.55 and Maverick Synergy HotFixes 3.0.12. These updates incorporate robust security measures to mitigate the Passive SSH Key Compromise vulnerability risks. We strongly recommend all our customers to upgrade to these latest versions as a precautionary measure.

Alternative Security Measures

In addition to upgrading, we advise our customers to consider other security practices, such as disabling RSA keys, which are at the centre of this vulnerability.

Commitment to Security

At Jadaptive, your security is our utmost priority. We continuously monitor cybersecurity to ensure our products are fortified against emerging threats. Our team is dedicated to providing you with the support and resources needed to maintain a secure digital environment.

Contact Us for Support

Please contact our support team for any queries or assistance regarding this update or general security concerns. We are here to assist you in navigating these security updates and ensuring the safety of your systems.

Conclusion

Staying ahead of security threats is a collaborative effort. We appreciate your prompt attention and your trust in us to safeguard your digital assets. Stay tuned to our blog for more updates and insights into cybersecurity.