
Cloud Vulnerability DB
A community-led vulnerabilities database
SSH.NET, a Secure Shell (SSH) library for .NET, contained a security vulnerability in versions 2020.0.0 and 2020.0.1: during the X25519 key exchange, the private key was generated using a weak random number generator. The vulnerability was discovered in May 2022 and is tracked as CVE-2022-29245. The issue was patched in version 2020.0.2 (GitHub Release).
The vulnerability stemmed from the use of System.Random() instead of a cryptographically secure random number generator to generate private keys during the X25519 key exchange. The vulnerable code in KeyExchangeECCurve25519.cs called System.Random().NextBytes() to generate the private key, which is not suitable for cryptographic purposes because its seed can be brute-forced (GitHub Advisory).
An attacker capable of eavesdropping on SSH communications could potentially decrypt the traffic by exploiting the weak random number generation. This was possible because the private key came from a predictable random number generator whose seed could be brute-forced (GitHub Advisory).
The issue was fixed in version 2020.0.2 by replacing the weak random number generator with a cryptographically secure one using CryptoAbstraction.GenerateRandom(). For users unable to upgrade, a workaround exists by disabling the curve25519-sha256 and curve25519-sha256@libssh.org key exchange algorithms before establishing connections (GitHub Advisory).
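The sketch below is an added example, not code from SSH.NET or the advisory. It puts the weak key-generation pattern beside a CSPRNG-based one and applies the workaround to a constructed stand-in for the client's key exchange table. The helper names and the sample table are hypothetical, and it assumes `ConnectionInfo.KeyExchangeAlgorithms` is a string-keyed dictionary in the affected versions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

static class Curve25519WorkaroundDemo
{
    // Weak pattern described above: System.Random is a deterministic PRNG,
    // so all 32 key bytes are fully determined by one int seed.
    static byte[] WeakPrivateKey(int seed)
    {
        var key = new byte[32];
        new Random(seed).NextBytes(key);
        return key;
    }

    // Hardened pattern: draw the key bytes from the OS CSPRNG.
    static byte[] StrongPrivateKey()
    {
        var key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        return key;
    }

    // Workaround: remove both curve25519 names and fail closed if any remain.
    // Generic over the value type (hypothetical helper, not an SSH.NET API).
    static List<string> DisableCurve25519<T>(IDictionary<string, T> kex)
    {
        var removed = new List<string>();
        foreach (var name in new[] { "curve25519-sha256", "curve25519-sha256@libssh.org" })
            if (kex.Remove(name)) removed.Add(name);
        if (kex.Keys.Any(k => k.StartsWith("curve25519", StringComparison.Ordinal)))
            throw new InvalidOperationException("curve25519 key exchange still enabled");
        return removed;
    }

    static void Main()
    {
        // Equal seeds give equal "private" keys; the CSPRNG keys differ.
        Console.WriteLine("weak keys match:   " + WeakPrivateKey(1234).SequenceEqual(WeakPrivateKey(1234)));
        Console.WriteLine("strong keys match: " + StrongPrivateKey().SequenceEqual(StrongPrivateKey()));

        // Constructed stand-in for client.ConnectionInfo.KeyExchangeAlgorithms.
        var kex = new Dictionary<string, Type> {
            ["curve25519-sha256"] = typeof(object), ["curve25519-sha256@libssh.org"] = typeof(object),
            ["ecdh-sha2-nistp256"] = typeof(object), ["diffie-hellman-group14-sha256"] = typeof(object) };
        Console.WriteLine("removed:   " + string.Join(", ", DisableCurve25519(kex)));
        Console.WriteLine("remaining: " + string.Join(", ", kex.Keys));
    }
}
```

With a real client on an affected version, the same helper would be called on `client.ConnectionInfo.KeyExchangeAlgorithms` before `Connect()`.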
The vulnerability was initially reported by Siemens AG, Digital Industries, followed by security researcher yaumn-synacktiv. The vendor addressed the issue promptly by releasing a security patch (GitHub Advisory).
Source: This report was generated using AI