CVEs-PoC/2020/CVE-2020-14145.md

### [CVE-2020-14145](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14145)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Fastiraz/openssh-cve-resolv
- https://github.com/Totes5706/TotesHTB
- https://github.com/VladimirFogel/PRO4
- https://github.com/adegoodyer/ubuntu
- https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network
- https://github.com/bioly230/THM_Skynet
- https://github.com/firatesatoglu/shodanSearch
- https://github.com/phx/cvescan
- https://github.com/siddicky/git-and-crumpets
- https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-4-Vulnhub-Walkthrough
- https://github.com/vshaliii/Funbox2-rookie