Race Condition in Eternal Terminal Allows Hijacking of SSH Authorization Socket

Race Condition in Eternal Terminal Allows Hijacking of SSH Authorization Socket

CVE-2022-24950 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().

Learn more about our User Device Pen Test.