A 'Serious' security vulnerability has been discovered and fixed in OpenSSH – one of the most widely used open-source implementations of the Secure Shell Protocol.

The critical vulnerability could be exploited by hackers to force clients to leak their secret private cryptographic keys, potentially exposing users to Man-in-the-Middle attacks. What Causes the Flaw to occur? The serious bug was actually the result of a code that enables an experimental "roaming" feature in the OpenSSH in order to let users resume connections. However, the roaming feature contains two different vulnerabilities.