How I Tripped Over the Debian Weak Keys Vulnerability
(www.hezmatt.org)
from tedu to cloudsec on 09 Apr 2024 18:57
https://azorius.net/g/cloudsec/p/VwQKJGbxb9Hp5xTlxB-How-I-Tripped-Over-the-Debian-Weak-Keys-Vulnerab
Eventually, after more than a little debugging, we discovered that, somehow, there were two users with keys that had the same key fingerprint. This absolutely shouldn’t happen – it’s a bit like winning the lottery twice in a row – unless the users had somehow shared their keys with each other, of course. Still, it was worth investigating, just in case it was a web application bug, so the GitHub team reached out to the users impacted, to try and figure out what was going on.