CVE-2020-14145
Description
CVE-2020-14145 is an information leak in OpenSSH 5.7–8.4 that allows a man-in-the-middle attacker to determine the preferred host key algorithm of the client during initial connections.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2020-14145 is an information leak in OpenSSH 5.7–8.4 that allows a man-in-the-middle attacker to determine the preferred host key algorithm of the client during initial connections.
Vulnerability
CVE-2020-14145 is an observable discrepancy in the client-side algorithm negotiation of OpenSSH versions 5.7 through 8.4 (and possibly 8.5 and 8.6 according to some reports) [1][4]. The vulnerability allows an attacker to infer the preferred host key algorithm of the client by observing the order in which the client proposes algorithms during the SSH handshake. This occurs only when the client has no cached host key for the server (i.e., during initial connection attempts) [1][3].
Exploitation
To exploit this vulnerability, an attacker must be in a position to conduct a man-in-the-middle (MITM) attack on the SSH connection [1]. The attacker needs to intercept the initial SSH handshake where the client sends its algorithm proposals. By observing the order of host key algorithms in the client's proposal, the attacker can determine which algorithm the client prefers. The attacker does not need to authenticate or have any special privileges; network access to the connection path is sufficient [1][3].
Impact
Successful exploitation leads to information disclosure: the attacker learns the client's preferred host key algorithm, which could aid in further attacks, such as downgrading the connection to a weaker algorithm or targeting specific key types [1][3]. This information leak is limited to the algorithm preference and does not directly allow impersonation, code execution, or data manipulation. However, it weakens the security of the initial key verification process, especially when no trusted host key is cached [1][3].
Mitigation
A partial mitigation was included in OpenSSH 8.4 via commit b3855ff053f5078ec3d3c653cdaedefaa5fc362d, which adjusts the algorithm ordering when the client has a key matching the default best-preference algorithm [2][3]. The Gentoo GLSA 202105-35 recommends upgrading to OpenSSH 8.5_p1 or later [4]. Users should ensure they are running a patched version (≥8.4) and consider employing known_hosts pinning or SSHFP records to reduce the risk of MITM attacks on first connection [3][4].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
51- OpenSSH/OpenSSHdescription
- Range: >=5.7, <=8.4
- osv-coords49 versionspkg:rpm/almalinux/openssh-askpasspkg:rpm/opensuse/openssh-askpass-gnome&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/openssh-askpass-gnome&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/openssh&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/openssh&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/openssh-askpass-gnome&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openssh-askpass-gnome&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openssh&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openssh&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/openssh&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/openssh&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openssh&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openssh&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openssh&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openssh&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 8.0p1-10.el8+ 48 more
- (no CPE)range: < 8.0p1-10.el8
- (no CPE)range: < 7.9p1-lp151.4.18.1
- (no CPE)range: < 8.1p1-lp152.4.9.1
- (no CPE)range: < 7.9p1-lp151.4.18.1
- (no CPE)range: < 8.1p1-lp152.4.9.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.9p1-6.22.1
- (no CPE)range: < 8.1p1-5.9.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-78.10.1
- (no CPE)range: < 7.2p2-78.10.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-78.10.1
- (no CPE)range: < 7.2p2-78.10.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-78.10.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-78.10.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.6p1-9.38.1
- (no CPE)range: < 7.6p1-9.38.1
- (no CPE)range: < 7.9p1-6.22.1
- (no CPE)range: < 8.1p1-5.9.1
- (no CPE)range: < 7.9p1-6.22.1
- (no CPE)range: < 8.1p1-5.9.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-78.10.1
- (no CPE)range: < 7.2p2-78.10.1
- (no CPE)range: < 7.6p1-9.38.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-78.10.1
- (no CPE)range: < 7.2p2-78.10.1
- (no CPE)range: < 7.6p1-9.38.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-78.10.1
- (no CPE)range: < 7.2p2-74.57.1
- (no CPE)range: < 7.2p2-78.10.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- security.gentoo.org/glsa/202105-35mitrevendor-advisoryx_refsource_GENTOO
- www.openwall.com/lists/oss-security/2020/12/02/1mitremailing-listx_refsource_MLIST
- anongit.mindrot.org/openssh.git/commit/mitrex_refsource_MISC
- docs.ssh-mitm.at/CVE-2020-14145.htmlmitrex_refsource_MISC
- github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1mitrex_refsource_MISC
- github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.pymitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20200709-0004/mitrex_refsource_CONFIRM
- www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.