CPNI has released a security advisory describing a vulnerability
in SSH that allows an attacker with control over the network to
recover up to 32 bits of plaintext from an SSH-protected connection
in the standard configuration.
Posted: December 2, 2008
The advisory recommends using the AES cipher in CTR mode rather
than CBC mode. VShell for some platforms, SecureCRT, SecureFX,
and the VanDyke ClientPack for some platforms now prefer the
AES cipher in CTR mode by default.
Affected Software Versions
VShell 3.5.1 and earlier
SecureCRT 6.1.2 and earlier
SecureFX 6.1.2 and earlier
VanDyke ClientPack 6.1.2 and earlier